Date: Sat, 6 Apr 2002 14:32:43 -0500 From: Barney Wolff <barney@databus.com> To: security@FreeBSD.ORG Subject: Re: FreeBSD Security Notice FreeBSD-SN-02:01 Message-ID: <20020406143243.A8409@tp.databus.com> In-Reply-To: <200204051512.g35FCOr11637@freefall.freebsd.org>; from security-advisories@FreeBSD.ORG on Fri, Apr 05, 2002 at 07:12:24AM -0800 References: <200204051512.g35FCOr11637@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
I don't understand the status of "Not yet fixed." The advisory says mod_ssl versions < 2.8.7 have the bug, while 2.8.8 is the port distfile as of 3/28/02. What am I missing? On Fri, Apr 05, 2002 at 07:12:24AM -0800, FreeBSD Security Advisories wrote: > +------------------------------------------------------------------------+ > Port name: apache13-ssl, apache13-modssl > Affected: all versions of apache+ssl > all versions of apache+mod_ssl > Status: Not yet fixed. > Buffer overflows in SSL session cache handling. > <URL:http://www.apache-ssl.org/advisory-20020301.txt>; > <URL:http://archives.neohapsis.com/archives/bugtraq/2002-02/0313.html>; -- Barney Wolff I never met a computer I didn't like. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020406143243.A8409>