[MacPorts] #38452: PHP code disclosure vulnerability with apache2 and other web servers (was: Apache on HFS Critical Security Issue)
Daniel J. Luke
dluke at geeklair.net
Fri Mar 22 07:08:41 PDT 2013
On Mar 21, 2013, at 6:14 PM, Ryan Schmidt <ryandesign at macports.org> wrote:
> On Mar 21, 2013, at 11:53, Bradley Giesbrecht wrote:
>> Compiling and installing mod_hfs_apple.so from here did not work for me:
>> http://opensource.apple.com/source/apache_mod_hfs_apple/apache_mod_hfs_apple-11/
>>
>> However, copying Apples mod_hfs_apple.so from a Mac OS X Server does appear to solve the problem.
>
> I'm not surprised, since the vulnerability was reported this year, and the above code was last modified in 2011.
>
> https://trac.macports.org/ticket/38452#comment:11
Can we maybe find out if a newer version of mod_hfs_apple is in the process of being posted to opensource.apple.com? (and then get a portfile written for it?)
--
Daniel J. Luke
+========================================================+
| *---------------- dluke at geeklair.net ----------------* |
| *-------------- http://www.geeklair.net -------------* |
+========================================================+
| Opinions expressed are mine and do not necessarily |
| reflect the opinions of my employer. |
+========================================================+
More information about the macports-dev
mailing list