From owner-freebsd-security  Fri Nov 27 02:00:31 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id CAA03440
          for freebsd-security-outgoing; Fri, 27 Nov 1998 02:00:31 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from gilberto.physik.RWTH-Aachen.DE (gilberto.physik.rwth-aachen.de [137.226.30.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA03433
          for <freebsd-security@freebsd.org>; Fri, 27 Nov 1998 02:00:08 -0800 (PST)
          (envelope-from kuku@gilberto.physik.RWTH-Aachen.DE)
Received: (from kuku@localhost)
	by gilberto.physik.RWTH-Aachen.DE (8.8.8/8.8.7) id KAA28439;
	Fri, 27 Nov 1998 10:57:44 +0100 (MET)
	(envelope-from kuku)
Message-ID: <19981127105744.A28408@gil.physik.rwth-aachen.de>
Date: Fri, 27 Nov 1998 10:57:44 +0100
From: Christoph Kukulies <kuku@gilberto.physik.RWTH-Aachen.DE>
To: Sheldon Hearn <axl@iafrica.com>,
        Christoph Kukulies <kuku@gilberto.physik.RWTH-Aachen.DE>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: cgi-bin/phf* security hole in apache
References: <19981126190545.A26062@gil.physik.rwth-aachen.de> <22257.912152434@axl.training.iafrica.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.91
In-Reply-To: <22257.912152434@axl.training.iafrica.com>; from Sheldon Hearn on Fri, Nov 27, 1998 at 09:40:34AM +0200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, Nov 27, 1998 at 09:40:34AM +0200, Sheldon Hearn wrote:
> 
> 
> On Thu, 26 Nov 1998 19:05:45 +0100, Christoph Kukulies wrote:
> 
> > Excuse me, if you already are that precise, what apache FAQ are you refering?
> > The 'offical' one on their web page carries
> > 
> > "8. Whom do I contact for support?"
> 
> That's exactly right. You're currently mailing freebsd-current, which is
> not the right place to ask for help with Apache software. This means
> you're contributing to the noise factor on the list and devaluing it.

Despite from the somewhat unfriendly undertone in your answer - which I
overhear for the moment - I find that bringing up security issues in a
security list isn't adding to the noise factor.

To make it 100% FreeBSD related I refine my question:

Is there any danger and to what extent arising from previous or current
apache httpd installations from the FreeBSD ports tree, especially WRT
that phf security hole?

Shouldn't the port also install the phf 'candid camera' catcher
automatically?

> 
> Ciao,
> Sheldon.

-- 
Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message