Ah, appears I was looking under the wrong rock. Thanks! -T
On Nov 17, 2009, at 12:39 PM, Daniel J. Luke wrote: > On Nov 17, 2009, at 3:18 PM, Todd Fleisher wrote: >> Greetings, >> I'm wondering if the the macports apache2 port has been patched in any way >> for CVE-2009-3555? >> >>> From the Debian security list: >> "As a partial mitigation against this attack, this apache2 update >> disables client-initiated renegotiations. This should fix the >> vulnerability for the majority of Apache configurations in use." > > It looks like Debian decided to do that instead of shipping a new openssl. > See also: > > http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2 > > MacPorts has openssl 0.9.8l > -- > Daniel J. Luke > > +========================================================+ > > | *---------------- [email protected] ----------------* | > > | *-------------- http://www.geeklair.net -------------* | > > +========================================================+ > > | Opinions expressed are mine and do not necessarily | > > | reflect the opinions of my employer. | > > +========================================================+ > > > > _______________________________________________ macports-users mailing list [email protected] http://lists.macosforge.org/mailman/listinfo.cgi/macports-users
