Date: Fri, 13 May 2011 02:22:51 -0700 From: Jeremy Chadwick <freebsd@jdc.parodius.com> To: freebsd-ports-bugs@FreeBSD.org Cc: Olli Hauer <ohauer@FreeBSD.org>, apache@FreeBSD.org Subject: Re: ports/156997: www/apache22 is vulnerable Message-ID: <20110513092251.GA27132@icarus.home.lan> In-Reply-To: <201105130910.p4D9ATZd079583@freefall.freebsd.org> References: <201105130910.p4D9ATZd079583@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, May 13, 2011 at 09:10:29AM +0000, edwin@FreeBSD.org wrote: > Synopsis: www/apache22 is vulnerable > > Responsible-Changed-From-To: freebsd-ports-bugs->apache > Responsible-Changed-By: edwin > Responsible-Changed-When: Fri May 13 09:10:28 UTC 2011 > Responsible-Changed-Why: > Over to maintainer (via the GNATS Auto Assign Tool) > > http://www.freebsd.org/cgi/query-pr.cgi?pr=156997 Note: this should probably be modified to refer to devel/apr* (I'm not sure which port; apr0, apr1, or apr2 -- or maybe all of them), which is what the Apache port relies on. The security hole appears to be in apr_fnmatch(), so ultimately what needs to be fixed is/are the apr port(s). https://lwn.net/Articles/442625/ -- | Jeremy Chadwick jdc@parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP 4BD6C0CB |
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110513092251.GA27132>