Date: Fri, 10 Jun 2022 09:54:48 +0900 (JST) From: Masachika ISHIZUKA <ish@amail.plala.or.jp> To: freebsd-security@freebsd.org Subject: Re: Is apache24-2.4.54 vulnerable ? Message-ID: <20220610.095448.1735421952196505841.ish@amail.plala.or.jp> In-Reply-To: <20220610.085155.1636577084047793852.moto@kawasaki3.org> References: <20220610.081507.1134393150579572029.ish@amail.plala.or.jp> <20220610.085155.1636577084047793852.moto@kawasaki3.org>
next in thread | previous in thread | raw e-mail | index | archive | help
>> % pkg audit -F >> vulnxml file up-to-date >> apache24-2.4.54 is vulnerable: >> Apache httpd -- Multiple vulnerabilities >> CVE: CVE-2022-26377 >> CVE: CVE-2022-28330 >> CVE: CVE-2022-28614 >> CVE: CVE-2022-28615 >> CVE: CVE-2022-29404 >> CVE: CVE-2022-30522 >> CVE: CVE-2022-30556 >> CVE: CVE-2022-31813 >> WWW: https://vuxml.FreeBSD.org/freebsd/49adfbe5-e7d1-11ec-8fbd-d4c9ef517024.html >> 1 problem(s) in 1 installed package(s) found. > > It seems like true for apache24-2.4.53 and prior, and fixed version is > ...2.4.54. > > See also Apache httpd's Security Reports page: > https://httpd.apache.org/security/vulnerabilities_24.html My question is that apache24-2.4.54 is shown vulnerable on security/vuxml 959028638c9e3236ab91a2d8865fb3893775a28a. vuln-2022.xml: <affects> <package> <name>apache24</name> <range><lt>2.5.54</lt></range> <------- 2.4.54 ??? </package> ~~~~~~ </affects> -- Masachika ISHIZUKA
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20220610.095448.1735421952196505841.ish>