--==_Exmh_-1016627792P Content-Type: text/plain; charset=us-ascii Hi all, There has been another vulnerability [1] discovered in apache2. This affects only version 2.0.51 (where it was introduced). The ports tree is frozen, pending 5.3-R, so I assume that an update of the apache2 port to 2.0.52 is not forthcoming any time soon. The question is this -- since the apache2 in the ports tree is 2.0.50 plus patches, does the version in the ports tree have this vulnerability? It seems that it only would if the patches to 2.0.50 introduced the vulnerability... Does anyone know? Thanks! --eli --==_Exmh_-1016627792P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) Comment: Exmh version 2.5 07/13/2001 iD8DBQFBXHBcLTFEeF+CsrMRAjtmAJ9ClRARO8wY1TbRkr+pdhiGsEQf7ACfW8HO g4c92+XqeA75fQVTnuLu8i8= =XVxW -----END PGP SIGNATURE----- --==_Exmh_-1016627792P--