On 27/03/2018 13:52, Bernard Spil wrote:
> Hi all,
> 
> Just noticed that the Apache project has removed the patches they had
> for 2.2.34.
> 
>     http://www.apache.org/dist/httpd/patches/apply_to_2.2.34/
> 
> Combined with the security update of 2.4 branch to 2.4.33 leads me to
> believe that Apache 2.2 is now vulnerable and no patches will be provided.
> 
> If someone wishes to step up and get patches for 2.2 from e.g. RedHat,
> we may be able to keep the port alive for a bit longer. If no one steps
> up, I see no other way forward than to delete the port as indicated by
> the DEPRECATED variable and expiration date 2017-07-01 since July 2016.
> 

While I agree that apache 2.2 is now firmly dead, they moved the patches
for 2.2.34 to
https://archive.apache.org/dist/httpd/patches/apply_to_2.2.34/ , however
no new patches for the recent CVEs were added.


Vince



> Cheers,
> 
> Bernard.
> _______________________________________________
> freebsd-ports@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-ports
> To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
_______________________________________________
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Reply via email to