On Mon, Dec 03, 2007 at 05:17:47PM -0500, Mark Bucciarelli wrote: > I can see from the openbsd cvs logs that the openbsd port was updated > to 1.4.18 (fixing a security issue) on Fri Oct 5 14:56:50 2007 UTC. > > The 4.2 lighttpd package is 1.4.16, so did the fix occur after the 4.2 freeze?
Yes. > Also, I didn't see any posts on ports-security for this issue. Is the > gmane listing [1] incomplete, or do some issues not make it to > ports-security? It has already been discussed, there is no one available to handle security updates to -stable ports. It is recommended to use -current if you want maintained ports with security updates. Landry
