Simon L. Nielsen wrote: > On 2006.07.30 19:32:32 +0400, Sergey Matveychuk wrote: >> Simon L. Nielsen wrote: >>> simon 2006-07-28 21:59:23 UTC >>> >>> FreeBSD ports repository >>> >>> Modified files: >>> security/vuxml vuln.xml >>> Log: >>> Document apache -- mod_rewrite ldap buffer overflow vulnerability. >>> >>> Thanks to remko for doing initial list of apache package names in an >>> earlier VuXML entry. >>> >>> Revision Changes Path >>> 1.1085 +100 -1 ports/security/vuxml/vuln.xml >> Simon, looks like you use wrong comparing operator tags in the entry. >> 1.3.28, 2.0.46 and 2.2.0 are not affected versions, so here should be >> <gt>, not <ge>. > > I'm pretty sure they are correct since those versions are affected. > From [1]: > > An off-by-one flaw exists in the Rewrite module, mod_rewrite, > as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46, and > 2.2 since 2.2.0. > > [1] http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=115409818602955 >
Oh, sorry, I'm wrong. -- Dixi. Sem. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "[EMAIL PROTECTED]"
