Greetings, I recently underwent an audit of my OpenBSD 3.8 systems and the audit report identified CVE-2004-0700 (mod-proxy/mod_ssl format string vulnerability) as a potential risk. Given the age of the problem and the proactive patching stance of OpenBSD, I suspect this has been fixed for some time. However, I can't find any reliable information correlating CVE or other general vulnerability records with a specific OpenBSD patch or fix. I have searched the mailing list archives for both security announcements and code updates but have not found any conclusive documentation indicating this vulnerability is not relevant or was fixed.
Does OpenBSD provide any authoritative reference as to which vulnerabilities are corrected by which patches? What is the most effective way to find this information if no such reference exists? I apologize if this question has been answered elsewhere. I have spent some time searching with no success. Cheers, Dan
