On 2 Sep 2011 00:52, "Doug Barton" <do...@freebsd.org> wrote: > > On 09/01/2011 12:47, Chris Rees wrote: > > On 1 September 2011 20:42, Andrey Chernov <a...@freebsd.org> wrote: > >> On Thu, Sep 01, 2011 at 07:06:27PM +0000, Chris Rees wrote: > >>> crees 2011-09-01 19:06:27 UTC > >>> > >>> FreeBSD ports repository > >>> > >>> Modified files: > >>> security/vuxml vuln.xml > >>> Log: > >>> Correct range for apache22, 2.2.20 is fixed and 1.3 wasn't affected. > >>> > >> > >> According to http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192 > >> 1.3 _is_ affected and there will be no fix for 1.3: > >> "Note that, while popular, Apache 1.3 is deprecated." (from > >> announce@httpd advisory about ranges bug). > >> > > > > Yeah, there's an update from yesterday at > > > > https://people.apache.org/~dirkx/CVE-2011-3192.txt > > > > Perhaps I should have put the link rather than the CVE name, sorry. > > > > Although there's a problem with apache13, it's no longer a > > showstopper, just causes slowdowns. > > Isn't encouraging people to move away from 1.3 a good thing, regardless?
I don't see how exaggerating a problem and giving apache13 users perpetual daily whines from portaudit is constructive or fair. Chris _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscr...@freebsd.org"
