macports apache2 CVE-2009-3555?
Daniel J. Luke
dluke at geeklair.net
Tue Nov 17 12:39:35 PST 2009
On Nov 17, 2009, at 3:18 PM, Todd Fleisher wrote:
> Greetings,
> I'm wondering if the the macports apache2 port has been patched in any way for CVE-2009-3555?
>
>> From the Debian security list:
> "As a partial mitigation against this attack, this apache2 update
> disables client-initiated renegotiations. This should fix the
> vulnerability for the majority of Apache configurations in use."
It looks like Debian decided to do that instead of shipping a new openssl. See also:
http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2
MacPorts has openssl 0.9.8l
--
Daniel J. Luke
+========================================================+
| *---------------- dluke at geeklair.net ----------------* |
| *-------------- http://www.geeklair.net -------------* |
+========================================================+
| Opinions expressed are mine and do not necessarily |
| reflect the opinions of my employer. |
+========================================================+
More information about the macports-users
mailing list