From owner-freebsd-questions@FreeBSD.ORG  Tue Mar 10 17:18:11 2009
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 344B110656C5
	for <freebsd-questions@freebsd.org>;
	Tue, 10 Mar 2009 17:18:11 +0000 (UTC)
	(envelope-from thomas@goodking.ca)
Received: from mail-qy0-f128.google.com (mail-qy0-f128.google.com
	[209.85.221.128])
	by mx1.freebsd.org (Postfix) with ESMTP id E3DCC8FC17
	for <freebsd-questions@freebsd.org>;
	Tue, 10 Mar 2009 17:18:10 +0000 (UTC)
	(envelope-from thomas@goodking.ca)
Received: by qyk34 with SMTP id 34so2119642qyk.3
	for <freebsd-questions@freebsd.org>;
	Tue, 10 Mar 2009 10:18:10 -0700 (PDT)
Received: by 10.224.11.14 with SMTP id r14mr9566204qar.183.1236704154300;
	Tue, 10 Mar 2009 09:55:54 -0700 (PDT)
Received: from goodking.goodking.ca (dynamic-216-211-117-14.tbaytel.net
	[216.211.117.14])
	by mx.google.com with ESMTPS id 12sm2496018qyk.149.2009.03.10.09.55.53
	(version=TLSv1/SSLv3 cipher=RC4-MD5);
	Tue, 10 Mar 2009 09:55:53 -0700 (PDT)
Sender: Thomas Abthorpe <thomas@goodking.ca>
From: Thomas Abthorpe <tabthorpe@freebsd.org>
Organization: FreeBSD.GoodKing.Ca
To: freebsd-questions@freebsd.org
Date: Tue, 10 Mar 2009 11:55:49 -0500
User-Agent: KMail/1.9.10
References: <22434745.post@talk.nabble.com>
In-Reply-To: <22434745.post@talk.nabble.com>
X-Face: /|[9,PbEOB6g>?2^*Sc|"~6:Ro"O>Nv\Rfkv\42g)=?utf-8?q?TuAYG=26+bD=5CpCJTX31s=5Fp=7Bc7=5D5a=2ED=2E=0A=09Y?=@QddKu_I[XB8;
	euK=^[=L1I#]rgi[0jgz^4qCTwlj]3kJ)]vc}O"HrA14hN)=?utf-8?q?aXewJPTi=7C=0A=09Pt=7BS3=23Vw4x-?="/:&<!
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200903101255.50386.tabthorpe@freebsd.org>
Cc: new_guy <byte8bits@gmail.com>
Subject: Re: CVE-2008-2939 and FreeBSD
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Mar 2009 17:18:11 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On March 10, 2009 09:57:43 am new_guy wrote:
> I can't find any info on the Web. Has CVE-2008-2939 been addressed in
> FreeBSD7.1 Apache2.2? I can't find any reference to that CVE number.
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939

This issue has indeed been addressed, 
http://www.freshports.org/commit.php?category=www&port=apache22&files=yes&message_id=200808312300.m7VN0RJV025926@repoman.freebsd.org

>
> I've subscribed to the security notification list, and I've searched the
> archives, but no go.

Often these ports vulnerabilities are documented via security/vuxml, and can 
be found at http://www.vuxml.org/freebsd/. The vuxml has not been created for 
this instance :(

Sending a courtesy email to ports-security@FreeBSD.org with relevant info is 
always appreciated, sending a PR generated with output of security/vuxml is 
even better!


Thomas

- -- 
Thomas Abthorpe		| FreeBSD Committer
tabthorpe@FreeBSD.org	| http://people.freebsd.org/~tabthorpe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (FreeBSD)

iEYEARECAAYFAkm2m5YACgkQ5Gm/jNBp8qBdxwCfUAMzoPX3QTdH5aJfXyhHO67+
pWQAn1OWH32rvLPFkfVqoDPH7+aIfSlE
=JURb
-----END PGP SIGNATURE-----