Am 10.06.22 um 16:36 schrieb Peter Blok:
I think the question is this a typo in the vuln-2022.xml, because the changelog shows the CVE are fixed in 2.4.54
See: https://cgit.freebsd.org/ports/commit/?id=0bb1abdb20498df239e15e7f9e9eec33e2eec499
On 10 Jun 2022, at 15:20, Wall, Stephen <[email protected]> wrote:vuln-2022.xml: <affects> <package> <name>apache24</name> <range><lt>2.5.54</lt></range> <------- 2.4.54 ??? </package> ~~~~~~ </affects> -- Masachika ISHIZUKA`<lt>` indicates it affects versions less than 2.5.54. -spw
