From owner-freebsd-security  Wed Jun 19 14:10:36 2002
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.org (lariat.org [63.229.157.2])
	by hub.freebsd.org (Postfix) with ESMTP id 863CD37B408
	for <freebsd-security@FreeBSD.ORG>; Wed, 19 Jun 2002 14:10:29 -0700 (PDT)
Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [63.229.157.2])
	by lariat.org (8.9.3/8.9.3) with ESMTP id PAA24232;
	Wed, 19 Jun 2002 15:10:13 -0600 (MDT)
X-message-flag: Warning! Use of Microsoft Outlook is dangerous and makes your system susceptible to Internet worms.
Message-Id: <4.3.2.7.2.20020619150748.0236b1d0@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Wed, 19 Jun 2002 15:10:06 -0600
To: Jan Lentfer <Jan.Lentfer@web.de>, freebsd-security@FreeBSD.ORG
From: Brett Glass <brett@lariat.org>
Subject: Re: Apache 1.3.26 port
In-Reply-To: <1024460049.2166.6.camel@jan-linnb.lan>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Yes, installing the new port will nuke all of your data. And,
as has been the case with many other ports, the package has
not been built and put up on the FTP site. Everyone who installs
FreeBSD and elects to install Apache across the Net will get
the insecure version of Apache until this is fixed.

It's just as important to upgrade the binary packages (and/or
mark them as "forbidden") as it is the ports.

--Brett

At 10:14 PM 6/18/2002, Jan Lentfer wrote:
  
>Hi,
>
>i am new to this list, so I don't know if this is the right place for my
>comment, so please be gentle ;-)
>
>After reading all the mail about the apache vulnerability, today I
>installed the new 1.3.26 port. The compilation, etc. went clean, I also
>had to reinstall mod_php4 and mod_fastcgi until I could make apache
>start. Then I found that all my subdirectories in /usr/local/data/www
>were gone (deleted)!! Luckily this was on my private machine! Is this a
>normal behaviour? Anyway, it's good I know it now so I will for sure
>backup the directorires on my production machines
>
>
>Regards,
>
>Jan Lentfer
>
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message