macports apache2 CVE-2009-3555?
Todd Fleisher
todd at tokoni.com
Tue Nov 17 14:02:42 PST 2009
Ah, appears I was looking under the wrong rock. Thanks!
-T
On Nov 17, 2009, at 12:39 PM, Daniel J. Luke wrote:
> On Nov 17, 2009, at 3:18 PM, Todd Fleisher wrote:
>> Greetings,
>> I'm wondering if the the macports apache2 port has been patched in any way for CVE-2009-3555?
>>
>>> From the Debian security list:
>> "As a partial mitigation against this attack, this apache2 update
>> disables client-initiated renegotiations. This should fix the
>> vulnerability for the majority of Apache configurations in use."
>
> It looks like Debian decided to do that instead of shipping a new openssl. See also:
>
> http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2
>
> MacPorts has openssl 0.9.8l
> --
> Daniel J. Luke
> +========================================================+
> | *---------------- dluke at geeklair.net ----------------* |
> | *-------------- http://www.geeklair.net -------------* |
> +========================================================+
> | Opinions expressed are mine and do not necessarily |
> | reflect the opinions of my employer. |
> +========================================================+
>
>
>
>
More information about the macports-users
mailing list