Date: Fri, 10 Jun 2022 16:36:16 +0200 From: Peter Blok <pblok@bsd4all.org> To: "Wall, Stephen" <stephen.wall@redcom.com> Cc: Masachika ISHIZUKA <ish@amail.plala.or.jp>, "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: Is apache24-2.4.54 vulnerable ? Message-ID: <9CA37653-27D5-4A27-A5D2-9E47287B345E@bsd4all.org> In-Reply-To: <MN2PR09MB46676762E2DC426D7C555690EEA69@MN2PR09MB4667.namprd09.prod.outlook.com> References: <20220610.081507.1134393150579572029.ish@amail.plala.or.jp> <20220610.085155.1636577084047793852.moto@kawasaki3.org> <20220610.095448.1735421952196505841.ish@amail.plala.or.jp> <MN2PR09MB46676762E2DC426D7C555690EEA69@MN2PR09MB4667.namprd09.prod.outlook.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I think the question is this a typo in the vuln-2022.xml, because the = changelog shows the CVE are fixed in 2.4.54 > On 10 Jun 2022, at 15:20, Wall, Stephen <stephen.wall@redcom.com> = wrote: >=20 >> vuln-2022.xml: >> <affects> >> <package> >> <name>apache24</name> >> <range><lt>2.5.54</lt></range> <------- 2.4.54 ??? >> </package> ~~~~~~ >> </affects> >> -- >> Masachika ISHIZUKA >=20 > `<lt>` indicates it affects versions less than 2.5.54. >=20 >=20 > -spw
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9CA37653-27D5-4A27-A5D2-9E47287B345E>