Date: Thu, 30 Sep 2004 17:05:24 -0400 From: "Peter C. Lai" <sirmoo@cowbert.net> To: Eli Dart <dart@nersc.gov> Cc: ports@freebsd.org Subject: Re: apache2 port Message-ID: <20040930210524.GT243@cowbert.net> In-Reply-To: <20040930210232.8B81BF987@gemini.nersc.gov> References: <20040930205503.GS243@cowbert.net> <20040930210232.8B81BF987@gemini.nersc.gov>
index | next in thread | previous in thread | raw e-mail
if PORTVERSION isn't 2.0.51 then you shouldn't be getting anything in 2.0.51 (if you say the vulnerability was only introduced with 2.0.51). This should really be in the ports@ list. On Thu, Sep 30, 2004 at 02:02:32PM -0700, Eli Dart wrote: > > In reply to "Peter C. Lai" <sirmoo@cowbert.net> : > > > no. you can tell by PORTVERSION in the Makefile. > > That still doesn't cover the case of the vulnerability being > introduced by the patch.... > > Unless I'm truly missing something.... > > --eli > > > > > > On Thu, Sep 30, 2004 at 01:45:16PM -0700, Eli Dart wrote: > > > Hi all, > > > > > > There has been another vulnerability [1] discovered in apache2. This > > > affects only version 2.0.51 (where it was introduced). The ports > > > tree is frozen, pending 5.3-R, so I assume that an update of the > > > apache2 port to 2.0.52 is not forthcoming any time soon. > > > > > > The question is this -- since the apache2 in the ports tree is 2.0.50 > > > plus patches, does the version in the ports tree have this > > > vulnerability? It seems that it only would if the patches to 2.0.50 > > > introduced the vulnerability... Does anyone know? > > > > > > Thanks! > > > > > > --eli > > > > > > > > > > > > > > > > > > > > -- > > Peter C. Lai > > University of Connecticut > > Dept. of Molecular and Cell Biology > > Yale University School of Medicine > > SenseLab | Research Assistant > > http://cowbert.2y.net/ > > > > -- Peter C. Lai University of Connecticut Dept. of Molecular and Cell Biology Yale University School of Medicine SenseLab | Research Assistant http://cowbert.2y.net/home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040930210524.GT243>