Unfortunately we haven't made any progress since my last update two weeks ago, and now there's a new vulnerability (clamav).

By maintainer
=============
ORPHANED: apache2
Lapo Luchini: lighttpd
Reini Urban: clamav
Charles Wilson: tiff, unzip

By package
==========
apache2 *** ORPHANED ***
problem: multiple vulnerabilities (CVE-2007-6420, CVE-2008-1672/2364, CVE-2008-2939)
solution: bump to 2.2.9 AND add this patch:
http://svn.apache.org/viewvc?view=rev&revision=682870
info: http://www.gentoo.org/security/en/glsa/glsa-200807-06.xml
(Those wishing to take this over may find this helpful:
http://cygwin-ports.svn.sourceforge.net/viewvc/cygwin-ports/ports/trunk/www/apache2/
BUT the recent patch is not included in SVN yet.)

clamav
problem: DoS (CVE-2008-1389/3912/3913/3914)
solution: bump to 0.94
info: http://www.gentoo.org/security/en/glsa/glsa-200809-18.xml

lighttpd
problem: multiple vulnerabilities (CVE-2008-1270/1531)
solution: bump to 1.4.19 AND apply these patches:
http://sources.gentoo.org/viewcvs.py/gentoo-x86/www-servers/lighttpd/files/1.4.19-r2/
info: http://www.gentoo.org/security/en/glsa/glsa-200804-08.xml

tiff
problem: multiple buffer underflows (CVE-2008-2327)
solution: apply this patch
http://sources.gentoo.org/viewcvs.py/*checkout*/gentoo-x86/media-libs/tiff/files/tiff-3.8.2-CVE-2008-2327.patch
info: http://www.gentoo.org/security/en/glsa/glsa-200809-07.xml

unzip
problem: execution of arbitrary code (CVE-2008-0888)
solution: apply this patch
http://sources.gentoo.org/viewcvs.py/*checkout*/gentoo-x86/app-arch/unzip/files/unzip-5.52-CVE-2008-0888.patch
info: http://www.gentoo.org/security/en/glsa/glsa-200804-06.xml

Yaakov