From owner-freebsd-apache@FreeBSD.ORG Thu Aug 2 02:28:21 2012 Return-Path: Delivered-To: apache@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 89E02106566B; Thu, 2 Aug 2012 02:28:21 +0000 (UTC) (envelope-from wxs@atarininja.org) Received: from syn.atarininja.org (syn.csh.rit.edu [129.21.49.45]) by mx1.freebsd.org (Postfix) with ESMTP id 62CB98FC17; Thu, 2 Aug 2012 02:28:21 +0000 (UTC) Received: by syn.atarininja.org (Postfix, from userid 1001) id 7570B5C39; Wed, 1 Aug 2012 22:28:15 -0400 (EDT) Date: Wed, 1 Aug 2012 22:28:15 -0400 From: Wesley Shields To: apache@FreeBSD.org Message-ID: <20120802022815.GA11600@atarininja.org> References: <7c8467ef6164399c7fc1d11960768453@nyi.unixathome.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <7c8467ef6164399c7fc1d11960768453@nyi.unixathome.org> User-Agent: Mutt/1.5.21 (2010-09-15) Cc: ports-security@FreeBSD.org Subject: Re: Apache 2.2.22 vuln X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Aug 2012 02:28:21 -0000 On Wed, Aug 01, 2012 at 11:48:02AM -0400, Dan Langille wrote: > This post to apache@ seems to indicate that Apache 2.2.22 is vulnerable > > > http://lists.freebsd.org/pipermail/freebsd-apache/2012-June/002778.html Would someone from apache@ please commit the patch at [1] to www/apache22. I will be committing a VuXML about this. I will also be marking www/apache20 as vulnerable because AFAIK it is but there's no official patch for it. If I don't see it committed by Friday evening (GMT-5) I will just do it myself. [1]: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/support/envvars-std.in?r1=421103&r2=1341651 -- WXS