[opensuse] Webserver version for opensuse.org
Hello Suse, after accessing https://www.opensuse.org/sdfg I got a 404 with a Apache Version 2.2.12: ===================================================== # Not Found # # The requested URL /sdfg was not found on this server. # # Additionally, a 404 Not Found error was encountered while # trying to use an ErrorDocument to # handle the request. # # ________________________________ # Apache/2.2.12 (Linux/SUSE) Server at www.opensuse.org Port 80 ====================================================== Is this the real version or a fake? The version 2.2.12 was released on 2009/07/28 and the Support for version 2.2.x was dropped by Apache, EOL is reached. from apache.org: ===================================================== # Apache httpd 2.2 End-of-Life 2018-01-01 # # As previously announced, the Apache HTTP Server # Project has discontinued all development and patch # review of the 2.2.x series of releases. # # The Apache HTTP Server Project had long committed # to provide maintenance releases of the 2.2.x flavor # through June of 2017, # and to continue to publish some security source # code patches until December of 2017. The final # release 2.2.34 was published in July 2017, and no # further evaluation of security risks will be # published for 2.2.x releases. ===================================================== Kindly regards, Meike -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Meike Stone wrote:
Hello Suse,
after accessing https://www.opensuse.org/sdfg I got a 404 with a Apache Version 2.2.12:
[snip]
Is this the real version or a fake?
That is no doubt the real version. -- Per Jessen, Zürich (0.0°C) Member, openSUSE Heroes. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
2018-03-19 19:05 GMT+01:00 Per Jessen <per@computer.org>:
Meike Stone wrote:
Hello Suse,
after accessing https://www.opensuse.org/sdfg I got a 404 with a Apache Version 2.2.12:
[snip]
Is this the real version or a fake?
That is no doubt the real version.
Can't believe, that they do that ..... https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-66/ver...
-- Per Jessen, Zürich (0.0°C) Member, openSUSE Heroes.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday, 2018-03-19 at 19:26 +0100, Meike Stone wrote:
2018-03-19 19:05 GMT+01:00 Per Jessen <per@computer.org>:
Meike Stone wrote:
Hello Suse,
after accessing https://www.opensuse.org/sdfg I got a 404 with a Apache Version 2.2.12:
[snip]
Is this the real version or a fake?
That is no doubt the real version.
Can't believe, that they do that ..... https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-66/ver...
No, that info is not valid for SUSE nor openSUSE. Security patches are backported to the distributed version, so that it is not vulnerable to the issues that the upstream release is. You have to check each vulnerability against the patch list by SUSE. - -- Cheers, Carlos E. R. (from openSUSE 42.3 x86_64 "Malachite" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlqxx+QACgkQtTMYHG2NR9XQ7gCeN0g5o/PznIfTTRzhbyHWeIDB iDcAn0MXqDTFa0jy+kNDhqSMx3Pw8Y7r =5xdA -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-66/ver...
No, that info is not valid for SUSE nor openSUSE.
Security patches are backported to the distributed version, so that it is not vulnerable to the issues that the upstream release is. You have to check each vulnerability against the patch list by SUSE.
But now, it is not possible anymore to backport, apache 2.2 is EOL since 3 month .... Meike -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Meike Stone wrote:
https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-66/ver...
No, that info is not valid for SUSE nor openSUSE.
Security patches are backported to the distributed version, so that it is not vulnerable to the issues that the upstream release is. You have to check each vulnerability against the patch list by SUSE.
But now, it is not possible anymore to backport, apache 2.2 is EOL since 3 month ....
And that means the sources vanish and cannot be changed anymore? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Per Jessen composed on 2018-03-19 19:05 (UTC+0100):
Meike Stone wrote:
after accessing https://www.opensuse.org/sdfg I got a 404 with a Apache Version 2.2.12:
Is this the real version or a fake?
That is no doubt the real version.
Running on an old machine running an old SLES version for which Apache gets security patches from SUSE? -- "Wisdom is supreme; therefore get wisdom. Whatever else you get, get wisdom." Proverbs 4:7 (New Living Translation) Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (5)
-
Carlos E. R. -
Felix Miata -
Meike Stone -
Per Jessen -
Peter Suetterlin