Date: Sun, 30 Jul 2006 11:52:29 +0200 From: Svein Halvor Halvorsen <svein.h@lvor.halvorsen.cc> To: dick hoogendijk <dick@nagual.nl> Cc: freebsd-questions <freebsd-questions@freebsd.org> Subject: Re: update info on ports Message-ID: <44CC815D.1080102@lvor.halvorsen.cc> In-Reply-To: <20060730094353.GA6870@lothlorien.nagual.nl> References: <20060730094353.GA6870@lothlorien.nagual.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigBFB96DFC77B410168335EE10 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable dick hoogendijk wrote: > Normally I upgrade my ports if I see new versions. > But now I have a question: I saw a new apache22 version (apache-2.2.2_1= ) > but on the apache site I could not find anything related to security bu= gs > or whatever. I *did* find a version 2.2.3 though (not yet in ports!) >=20 > So now I wonder, what is the difference of port apache-2.2.2 and the > latest one "apache-2.2.2_1" > Imho it should be nice to have some kind of info file in the port telli= ng > the reasons to upgrade. Does anyone know? > Or should I just wait for apache-2.2.3 (can't be that long). >=20 You should check out freshports.org Fix security issue in mod_rewrite. All people using mod_rewrite are strongly encouraged to update. An off-by-one flaw exists in the Rewrite module, mod_rewrite. Depending on the manner in which Apache httpd was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely. For vulnerable builds, the nature of the vulnerability can be denial of service (crashing of web server processes) or potentially allow arbitrary code execution. This issue has been rated as having important security impact by the Apache HTTP Server Security Team Updates to latest versions will follow soon. In addition to show changelogs for the ports, freshports also lets you "watch" one or more ports and be pinged whenever there's a new version. You should also install portaudit. This will give a list of installed ports on your system with known security issues. Also, if installed, it will will warn you if you try to install a port with such issues, and prompt you to update your ports tree. Svein Halvor --------------enigBFB96DFC77B410168335EE10 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) Comment: mailto:pgpkey@svein.halvorsen.cc to get my PGP-key iD8DBQFEzIFhhQg3vZGYu0ARArbVAJ9GA+8yJJbXin3OaOdTWEWr4irlcQCgp1nI llD2xsKYLgJm7fhkY2DRjMM= =+qek -----END PGP SIGNATURE----- --------------enigBFB96DFC77B410168335EE10--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44CC815D.1080102>