Date: Fri, 10 Jun 2022 19:23:20 +0200 From: Jochen Neumeister <joneum@FreeBSD.org> To: Peter Blok <pblok@bsd4all.org>, "Wall, Stephen" <stephen.wall@redcom.com> Cc: Masachika ISHIZUKA <ish@amail.plala.or.jp>, "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: Is apache24-2.4.54 vulnerable ? Message-ID: <da55675e-a1f3-d4bb-12a9-5d5398a71786@FreeBSD.org> In-Reply-To: <9CA37653-27D5-4A27-A5D2-9E47287B345E@bsd4all.org> References: <20220610.081507.1134393150579572029.ish@amail.plala.or.jp> <20220610.085155.1636577084047793852.moto@kawasaki3.org> <20220610.095448.1735421952196505841.ish@amail.plala.or.jp> <MN2PR09MB46676762E2DC426D7C555690EEA69@MN2PR09MB4667.namprd09.prod.outlook.com> <9CA37653-27D5-4A27-A5D2-9E47287B345E@bsd4all.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Am 10.06.22 um 16:36 schrieb Peter Blok: > I think the question is this a typo in the vuln-2022.xml, because the changelog shows the CVE are fixed in 2.4.54 See: https://cgit.freebsd.org/ports/commit/?id=0bb1abdb20498df239e15e7f9e9eec33e2eec499 > > > >> On 10 Jun 2022, at 15:20, Wall, Stephen <stephen.wall@redcom.com> wrote: >> >>> vuln-2022.xml: >>> <affects> >>> <package> >>> <name>apache24</name> >>> <range><lt>2.5.54</lt></range> <------- 2.4.54 ??? >>> </package> ~~~~~~ >>> </affects> >>> -- >>> Masachika ISHIZUKA >> `<lt>` indicates it affects versions less than 2.5.54. >> >> >> -spw >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?da55675e-a1f3-d4bb-12a9-5d5398a71786>