apache2 port

[Peter C. Lai]

if PORTVERSION isn't 2.0.51 then you shouldn't be getting anything in 2.0.51
(if you say the vulnerability was only introduced with 2.0.51).

This should really be in the ports@ list.

On Thu, Sep 30, 2004 at 02:02:32PM -0700, Eli Dart wrote:
> 
> In reply to "Peter C. Lai" <sirmoo at cowbert.net> :
> 
> > no. you can tell by PORTVERSION in the Makefile.
> 
> That still doesn't cover the case of the vulnerability being 
> introduced by the patch....
> 
> Unless I'm truly missing something....
> 
> 		--eli
> 
> 
> > 
> > On Thu, Sep 30, 2004 at 01:45:16PM -0700, Eli Dart wrote:
> > > Hi all,
> > > 
> > > There has been another vulnerability [1] discovered in apache2.  This 
> > > affects only version 2.0.51 (where it was introduced).  The ports 
> > > tree is frozen, pending 5.3-R, so I assume that an update of the 
> > > apache2 port to 2.0.52 is not forthcoming any time soon.
> > > 
> > > The question is this -- since the apache2 in the ports tree is 2.0.50 
> > > plus patches, does the version in the ports tree have this 
> > > vulnerability?  It seems that it only would if the patches to 2.0.50 
> > > introduced the vulnerability...  Does anyone know?
> > > 
> > > Thanks!
> > > 
> > > 		--eli
> > > 
> > > 
> > > 
> > > 
> > 
> > 
> > 
> > -- 
> > Peter C. Lai
> > University of Connecticut
> > Dept. of Molecular and Cell Biology
> > Yale University School of Medicine
> > SenseLab | Research Assistant
> > http://cowbert.2y.net/
> > 
> 
> 



-- 
Peter C. Lai
University of Connecticut
Dept. of Molecular and Cell Biology
Yale University School of Medicine
SenseLab | Research Assistant
http://cowbert.2y.net/