From kjm@ideon.st.ryukoku.ac.jp  Wed Sep 29 02:34:42 2004
Return-Path: <kjm@ideon.st.ryukoku.ac.jp>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 05D3616A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 29 Sep 2004 02:34:42 +0000 (GMT)
Received: from souryu.st.ryukoku.ac.jp (souryu.st.ryukoku.ac.jp [133.83.4.51])
	by mx1.FreeBSD.org (Postfix) with ESMTP id AE4B343D31
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 29 Sep 2004 02:34:40 +0000 (GMT)
	(envelope-from kjm@ideon.st.ryukoku.ac.jp)
Received: from localhost (localhost.st.ryukoku.ac.jp [127.0.0.1])
	by souryu.st.ryukoku.ac.jp (Postfix) with ESMTP id 09489133E3
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 29 Sep 2004 11:34:38 +0900 (JST)
Received: from ideon.st.ryukoku.ac.jp (ideon.st.ryukoku.ac.jp [133.83.36.5])
	by souryu.st.ryukoku.ac.jp (Postfix) with ESMTP id 2001C133D6
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 29 Sep 2004 11:34:33 +0900 (JST)
Received: from ideon.st.ryukoku.ac.jp (ActionKamen@localhost [127.0.0.1])
	by ideon.st.ryukoku.ac.jp (8.12.8p2/8.12.8) with ESMTP id i8T2YW5Q039814
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 29 Sep 2004 11:34:33 +0900 (JST)
	(envelope-from kjm@ideon.st.ryukoku.ac.jp)
Received: (from kjm@localhost)
	by ideon.st.ryukoku.ac.jp (8.12.8p2/8.12.8/Submit) id i8T2YWnj039813;
	Wed, 29 Sep 2004 11:34:32 +0900 (JST)
	(envelope-from kjm)
Message-Id: <200409290234.i8T2YWnj039813@ideon.st.ryukoku.ac.jp>
Date: Wed, 29 Sep 2004 11:34:32 +0900 (JST)
From: KOJIMA Hajime <kjm@rins.ryukoku.ac.jp>
Reply-To: KOJIMA Hajime <kjm@rins.ryukoku.ac.jp>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: vuln.xml bug - CAN-2004-0492 vulnerability was fixed already in apache-1.3.31_1. 
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         72161
>Category:       ports
>Synopsis:       vuln.xml bug - CAN-2004-0492 vulnerability was fixed already in apache-1.3.31_1.
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    trhodes
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep 29 02:40:26 GMT 2004
>Closed-Date:    Wed Sep 29 16:55:35 GMT 2004
>Last-Modified:  Wed Sep 29 16:55:35 GMT 2004
>Originator:     KOJIMA Hajime
>Release:        FreeBSD 4.8-RELEASE-p24 i386
>Organization:
Ryukoku University 
>Environment:
System: FreeBSD ideon.st.ryukoku.ac.jp 4.8-RELEASE-p24 FreeBSD 4.8-RELEASE-p24 #5: Sat Jul 17 01:39:47 JST 2004 kjm@ideon.st.ryukoku.ac.jp:/usr/obj/usr/src/sys/IDEON-48 i386


	
>Description:
	
  portaudit: apache -- heap overflow in mod_proxy

http://www.FreeBSD.org/ports/portaudit/ca6c8f35-0a5f-11d9-ad6f-00061bc2ad93.html

  shows "Affects: apache <=1.3.31_6", but the
  CAN-2004-0492 vulnerability was already fixed in apache-1.3.31_1.

  portaudit uses this data, so I cannot install the "www/apache13" port.

>How-To-Repeat:
	
  http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/apache13/Makefile?rev=1.151&content-type=text/x-cvsweb-markup
	
>Fix:

  change vuln.xml from:

  <vuln vid="ca6c8f35-0a5f-11d9-ad6f-00061bc2ad93">
    <topic>apache -- heap overflow in mod_proxy</topic>
    <affects>
      <package>
        <name>apache</name>
        <range><le>1.3.31_6</le></range>
      </package>
    </affects>

  to:

  <vuln vid="ca6c8f35-0a5f-11d9-ad6f-00061bc2ad93">
    <topic>apache -- heap overflow in mod_proxy</topic>
    <affects>
      <package>
        <name>apache</name>
        <range><lt>1.3.31_1</lt></range>
      </package>
    </affects>
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: trhodes 
State-Changed-When: Wed Sep 29 16:52:09 GMT 2004 
State-Changed-Why:  
Over to me, vuln updated, PR resolved, thanks. 


Responsible-Changed-From-To: freebsd-ports-bugs->trhodes 
Responsible-Changed-By: trhodes 
Responsible-Changed-When: Wed Sep 29 16:52:09 GMT 2004 
Responsible-Changed-Why:  
Over to me, vuln updated, PR resolved, thanks. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=72161 
>Unformatted:
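
The effect of the range change proposed in this PR, as an added example that is not part of the original report and is not portaudit's own code: a simplified model of matching a port version against a VuXML <range> element, run over constructed sample versions. The function names and the version comparison (dotted integers with optional _revision and ,epoch only) are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# The two <range> elements quoted in the PR (only <range> is reproduced here).
OLD_RANGE = "<range><le>1.3.31_6</le></range>"
NEW_RANGE = "<range><lt>1.3.31_1</lt></range>"

def parse_version(v):
    """Split 'version[_revision][,epoch]' into a sortable key.

    Simplification (assumption): the version part is dotted integers only;
    the real ports comparison also handles letters and suffixes.
    """
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:_(\d+))?(?:,(\d+))?", v)
    if m is None:
        raise ValueError(f"unsupported version string: {v!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    # Epoch outranks the version, which outranks the port revision.
    return (int(m.group(3) or 0), parts, int(m.group(2) or 0))

OPS = {
    "lt": lambda a, b: a < b,
    "le": lambda a, b: a <= b,
    "gt": lambda a, b: a > b,
    "ge": lambda a, b: a >= b,
    "eq": lambda a, b: a == b,
}

def in_range(range_xml, version):
    """True if version satisfies every bound inside a <range> element."""
    key = parse_version(version)
    bounds = list(ET.fromstring(range_xml))
    if not bounds:
        raise ValueError("empty <range>")
    return all(OPS[b.tag](key, parse_version(b.text.strip())) for b in bounds)

def flagged(range_xml, versions):
    """Return the versions an audit using this range would report."""
    return [v for v in versions if in_range(range_xml, v)]

# Constructed sample: port versions around the fix named in the PR.
SAMPLE = ["1.3.29", "1.3.31", "1.3.31_1", "1.3.31_6", "1.3.31_7", "1.3.32"]

if __name__ == "__main__":
    print("old range flags:", flagged(OLD_RANGE, SAMPLE))
    print("new range flags:", flagged(NEW_RANGE, SAMPLE))
```

With the old range, the fixed revisions 1.3.31_1 through 1.3.31_6 are still reported; with the new range only versions before 1.3.31_1 are.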
