From owner-freebsd-questions@FreeBSD.ORG Sun Jul 30 09:51:15 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4EE3216A589 for ; Sun, 30 Jul 2006 09:51:15 +0000 (UTC) (envelope-from svein.h@lvor.halvorsen.cc) Received: from signal.itea.ntnu.no (signal.itea.ntnu.no [129.241.190.231]) by mx1.FreeBSD.org (Postfix) with ESMTP id 80C1243D77 for ; Sun, 30 Jul 2006 09:51:05 +0000 (GMT) (envelope-from svein.h@lvor.halvorsen.cc) Received: from localhost (localhost [127.0.0.1]) by signal.itea.ntnu.no (Postfix) with ESMTP id 990C2337B0 for ; Sun, 30 Jul 2006 11:51:04 +0200 (CEST) Received: from maren.thelosingend.net (maren.math.ntnu.no [129.241.211.48]) by signal.itea.ntnu.no (Postfix) with SMTP for ; Sun, 30 Jul 2006 11:51:03 +0200 (CEST) Received: (qmail 524 invoked by uid 88); 30 Jul 2006 11:51:02 +0200 Received: from 37.84-48-193.nextgentel.com (HELO [10.0.0.7]) (84.48.193.37) by maren.thelosingend.net (qpsmtpd/0.31.1) with ESMTP; søn, 30 jul 2006 11:51:01 +0200 Message-ID: <44CC815D.1080102@lvor.halvorsen.cc> Date: Sun, 30 Jul 2006 11:52:29 +0200 From: Svein Halvor Halvorsen User-Agent: Thunderbird 1.5.0.2 (X11/20060522) MIME-Version: 1.0 To: dick hoogendijk References: <20060730094353.GA6870@lothlorien.nagual.nl> In-Reply-To: <20060730094353.GA6870@lothlorien.nagual.nl> X-Enigmail-Version: 0.94.0.0 OpenPGP: id=9198BB40; url=mailto:pgpkey@svein.halvorsen.cc Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enigBFB96DFC77B410168335EE10" X-Virus-Checked: Checked X-Content-Scanned: with sophos and spamassassin at mailgw.ntnu.no. X-Amavis-Alert: BAD HEADER Non-encoded 8-bit data (char F8 hex) in message header 'Received' Received: ...smtpd/0.31.1) with ESMTP; s\370n, 30 jul 2006 ... ^ Cc: freebsd-questions Subject: Re: update info on ports X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 30 Jul 2006 09:51:15 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigBFB96DFC77B410168335EE10 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable dick hoogendijk wrote: > Normally I upgrade my ports if I see new versions. > But now I have a question: I saw a new apache22 version (apache-2.2.2_1= ) > but on the apache site I could not find anything related to security bu= gs > or whatever. I *did* find a version 2.2.3 though (not yet in ports!) >=20 > So now I wonder, what is the difference of port apache-2.2.2 and the > latest one "apache-2.2.2_1" > Imho it should be nice to have some kind of info file in the port telli= ng > the reasons to upgrade. Does anyone know? > Or should I just wait for apache-2.2.3 (can't be that long). >=20 You should check out freshports.org Fix security issue in mod_rewrite. All people using mod_rewrite are strongly encouraged to update. An off-by-one flaw exists in the Rewrite module, mod_rewrite. Depending on the manner in which Apache httpd was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely. For vulnerable builds, the nature of the vulnerability can be denial of service (crashing of web server processes) or potentially allow arbitrary code execution. This issue has been rated as having important security impact by the Apache HTTP Server Security Team Updates to latest versions will follow soon. In addition to show changelogs for the ports, freshports also lets you "watch" one or more ports and be pinged whenever there's a new version. You should also install portaudit. This will give a list of installed ports on your system with known security issues. Also, if installed, it will will warn you if you try to install a port with such issues, and prompt you to update your ports tree. Svein Halvor --------------enigBFB96DFC77B410168335EE10 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) Comment: mailto:pgpkey@svein.halvorsen.cc to get my PGP-key iD8DBQFEzIFhhQg3vZGYu0ARArbVAJ9GA+8yJJbXin3OaOdTWEWr4irlcQCgp1nI llD2xsKYLgJm7fhkY2DRjMM= =+qek -----END PGP SIGNATURE----- --------------enigBFB96DFC77B410168335EE10--