web server: macports vs. mac osx server
markd at macports.org
markd at macports.org
Sun Apr 29 15:39:22 PDT 2007
robert delius royar <apple at frinabulax.org> on Sunday, April 29, 2007 at
7:58 AM -0800 wrote:
>% port info mod_perl
>mod_perl 1.29, Revision 2, www/mod_perl (Variants: universal, darwin_6)
>http://perl.apache.org/
>
>{Embeds a Perl interpreter in the Apache 1.3 server}
>
>Library Dependencies: perl5.8, apache
>Platforms: darwin freebsd
>Maintainers: bchesneau at mac.com
>
>Note that mod_perl 1.29 is susceptable to a moderately critical DoS
>attack as is mod_perl 2.0.2. See
>http://search.cpan.org/~gozer/mod_perl-1.30/Changes
>SECURITY: CVE-2007-1349 (cve.mitre.org) fix unescaped variable
>interpolation in Apache::PerlRun regular expression to prevent regex
>engine tampering. reported by Alex Solovey [Randal L. Schwartz
><merlyn at stonehenge.com>, Fred Moyer <fred at redhotpenguin.com>]
>
>Both have been upgraded to versions greater than are found in macports.
>The upgrade from MP 1.29 to 1.30 is trivial--requiring a checksum change
>and the version change.
I just upgraded them to 1.30 and 2.0.3. They had outstanding tickets that
I closed also so the maintainer is not listening anymore.
Mark
More information about the macports-users
mailing list