From owner-freebsd-ports  Tue May  7  9: 0:22 2002
Delivered-To: freebsd-ports@freebsd.org
Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153])
	by hub.freebsd.org (Postfix) with ESMTP id 935EC37B401
	for <ports@FreeBSD.org>; Tue,  7 May 2002 09:00:06 -0700 (PDT)
Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111])
	by gw.nectar.cc (Postfix) with ESMTP id 1AC7458
	for <ports@FreeBSD.org>; Tue,  7 May 2002 11:00:06 -0500 (CDT)
Received: from madman.nectar.cc (localhost [IPv6:::1])
	by madman.nectar.cc (8.12.3/8.11.6) with ESMTP id g47G05A1096565
	for <ports@FreeBSD.org>; Tue, 7 May 2002 11:00:05 -0500 (CDT)
	(envelope-from nectar@madman.nectar.cc)
Received: (from nectar@localhost)
	by madman.nectar.cc (8.12.3/8.12.3/Submit) id g47G05Ed096564
	for ports@FreeBSD.org; Tue, 7 May 2002 11:00:05 -0500 (CDT)
Date: Tue, 7 May 2002 11:00:05 -0500
From: "Jacques A. Vidrine" <nectar@FreeBSD.org>
To: ports@FreeBSD.org
Subject: Fwd: [Apache-SSL 1.3.22+1.47 - update to security fix]
Message-ID: <20020507160005.GH96090@madman.nectar.cc>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.3.28i
X-Url: http://www.nectar.cc/
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-ports.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-ports>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-ports>
X-Loop: FreeBSD.org


Would someone either update the apache13-ssl port, or kill it?  I
should have marked it FORBIDDEN when we issued FreeBSD-SN-02:01, but I
still have not.

Cheers,
-- 
Jacques A. Vidrine <n@nectar.cc>                 http://www.nectar.cc/
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrine@verio.net     .  nectar@FreeBSD.org  .          nectar@kth.se

----- Forwarded message from Ben Laurie <ben@algroup.co.uk> -----
Date: Mon, 04 Mar 2002 14:47:51 +0000
From: Ben Laurie <ben@algroup.co.uk>
To: Apache SSL <apache-ssl@lists.aldigital.co.uk>,
	Apache SSL Announce <apache-sslannounce@lists.aldigital.co.uk>,
	Bugtraq <BUGTRAQ@SECURITYFOCUS.COM>,
	CERT Coordination Center <cert@cert.org>
Subject: Apache-SSL 1.3.22+1.47 - update to security fix

On Friday 1st March 2002 I released a security alert for Apache-SSL,
announcing a fix to a buffer overflow. Unfortunately, because the fix
had to be released in haste (since I had not been alerted before public
disclosure), the fix had a bug.

Fortunately, the bug did not leave Apache-SSL vulnerable, but it did
prevent correct operation.

I have, therefore, released an updated version of Apache-SSL today,
1.3.22+1.47, which is available from all the usual places.

Users of versions prior to this should upgrade immediately.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

----- End forwarded message -----

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message