Re: Is apache24-2.4.54 vulnerable ?

In reply to: Peter Blok : "Re: Is apache24-2.4.54 vulnerable ?"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Jochen Neumeister <joneum_at_FreeBSD.org>
Date: Fri, 10 Jun 2022 17:23:20 UTC

Am 10.06.22 um 16:36 schrieb Peter Blok:
> I think the question is this a typo in the vuln-2022.xml, because the changelog shows the CVE are fixed in 2.4.54


See: 
https://cgit.freebsd.org/ports/commit/?id=0bb1abdb20498df239e15e7f9e9eec33e2eec499


>
>
>
>> On 10 Jun 2022, at 15:20, Wall, Stephen <stephen.wall@redcom.com> wrote:
>>
>>> vuln-2022.xml:
>>>   <affects>
>>>     <package>
>>>     <name>apache24</name>
>>>     <range><lt>2.5.54</lt></range>   <------- 2.4.54 ???
>>>     </package> ~~~~~~
>>>   </affects>
>>> --
>>> Masachika ISHIZUKA
>> `<lt>` indicates it affects versions less than 2.5.54.
>>
>>
>> -spw
>