On 09/01/2011 12:47, Chris Rees wrote:
> On 1 September 2011 20:42, Andrey Chernov <[email protected]> wrote:
>> On Thu, Sep 01, 2011 at 07:06:27PM +0000, Chris Rees wrote:
>>> crees 2011-09-01 19:06:27 UTC
>>>
>>> FreeBSD ports repository
>>>
>>> Modified files:
>>> security/vuxml vuln.xml
>>> Log:
>>> Correct range for apache22, 2.2.20 is fixed and 1.3 wasn't affected.
>>>
>>
>> According to http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
>> 1.3 _is_ affected and there will be no fix for 1.3:
>> "Note that, while popular, Apache 1.3 is deprecated." (from
>> announce@httpd advisory about ranges bug).
>>
>
> Yeah, there's an update from yesterday at
>
> https://people.apache.org/~dirkx/CVE-2011-3192.txt
>
> Perhaps I should have put the link rather than the CVE name, sorry.
>
> Although there's a problem with apache13, it's no longer a
> showstopper, just causes slowdowns.
Isn't encouraging people to move away from 1.3 a good thing, regardless?
Doug
--
Nothin' ever doesn't change, but nothin' changes much.
-- OK Go
Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[email protected]"
