On 27/03/2018 13:52, Bernard Spil wrote: > Hi all, > > Just noticed that the Apache project has removed the patches they had > for 2.2.34. > > http://www.apache.org/dist/httpd/patches/apply_to_2.2.34/ > > Combined with the security update of 2.4 branch to 2.4.33 leads me to > believe that Apache 2.2 is now vulnerable and no patches will be provided. > > If someone wishes to step up and get patches for 2.2 from e.g. RedHat, > we may be able to keep the port alive for a bit longer. If no one steps > up, I see no other way forward than to delete the port as indicated by > the DEPRECATED variable and expiration date 2017-07-01 since July 2016. >
While I agree that apache 2.2 is now firmly dead, they moved the patches for 2.2.34 to https://archive.apache.org/dist/httpd/patches/apply_to_2.2.34/ , however no new patches for the recent CVEs were added. Vince > Cheers, > > Bernard. > _______________________________________________ > freebsd-ports@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-ports > To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org" _______________________________________________ freebsd-ports@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
