On Nov 17, 2009, at 3:18 PM, Todd Fleisher wrote: > Greetings, > I'm wondering if the the macports apache2 port has been patched in any way > for CVE-2009-3555? > >> From the Debian security list: > "As a partial mitigation against this attack, this apache2 update > disables client-initiated renegotiations. This should fix the > vulnerability for the majority of Apache configurations in use."
It looks like Debian decided to do that instead of shipping a new openssl. See also: http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2 MacPorts has openssl 0.9.8l -- Daniel J. Luke +========================================================+ | *---------------- [email protected] ----------------* | | *-------------- http://www.geeklair.net -------------* | +========================================================+ | Opinions expressed are mine and do not necessarily | | reflect the opinions of my employer. | +========================================================+ _______________________________________________ macports-users mailing list [email protected] http://lists.macosforge.org/mailman/listinfo.cgi/macports-users
