Date:      Fri, 13 May 2011 02:22:51 -0700
From:      Jeremy Chadwick <freebsd@jdc.parodius.com>
To:        freebsd-ports-bugs@FreeBSD.org
Cc:        Olli Hauer <ohauer@FreeBSD.org>, apache@FreeBSD.org
Subject:   Re: ports/156997: www/apache22 is vulnerable
Message-ID:  <20110513092251.GA27132@icarus.home.lan>
In-Reply-To: <201105130910.p4D9ATZd079583@freefall.freebsd.org>
References:  <201105130910.p4D9ATZd079583@freefall.freebsd.org>

On Fri, May 13, 2011 at 09:10:29AM +0000, edwin@FreeBSD.org wrote:
> Synopsis: www/apache22 is vulnerable
> 
> Responsible-Changed-From-To: freebsd-ports-bugs->apache
> Responsible-Changed-By: edwin
> Responsible-Changed-When: Fri May 13 09:10:28 UTC 2011
> Responsible-Changed-Why: 
> Over to maintainer (via the GNATS Auto Assign Tool)
> 
> http://www.freebsd.org/cgi/query-pr.cgi?pr=156997

Note: this should probably be modified to refer to devel/apr* (I'm not
sure which port; apr0, apr1, or apr2 -- or maybe all of them), which is
what the Apache port relies on.

The security hole appears to be in apr_fnmatch(), so ultimately what
needs to be fixed is/are the apr port(s).

https://lwn.net/Articles/442625/

-- 
| Jeremy Chadwick                                   jdc@parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.               PGP 4BD6C0CB |



