ports/156997: www/apache22 is vulnerable
Jeremy Chadwick
freebsd at jdc.parodius.com
Fri May 13 09:22:54 UTC 2011
On Fri, May 13, 2011 at 09:10:29AM +0000, edwin at FreeBSD.org wrote:
> Synopsis: www/apache22 is vulnerable
>
> Responsible-Changed-From-To: freebsd-ports-bugs->apache
> Responsible-Changed-By: edwin
> Responsible-Changed-When: Fri May 13 09:10:28 UTC 2011
> Responsible-Changed-Why:
> Over to maintainer (via the GNATS Auto Assign Tool)
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=156997
Note: this should probably be modified to refer to devel/apr* (I'm not
sure which port; apr0, apr1, or apr2 -- or maybe all of them), which is
what the Apache port relies on.
The security hole appears to be in apr_fnmatch(), so ultimately what
needs to be fixed is/are the apr port(s).
https://lwn.net/Articles/442625/
--
| Jeremy Chadwick jdc at parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP 4BD6C0CB |
More information about the freebsd-apache
mailing list