robert delius royar <apple@frinabulax.org> on Sunday, April 29, 2007 at 7:58 AM -0800 wrote:
% port info mod_perl mod_perl 1.29, Revision 2, www/mod_perl (Variants: universal, darwin_6) http://perl.apache.org/
{Embeds a Perl interpreter in the Apache 1.3 server}
Library Dependencies: perl5.8, apache Platforms: darwin freebsd Maintainers: bchesneau@mac.com
Note that mod_perl 1.29 is susceptable to a moderately critical DoS attack as is mod_perl 2.0.2. See http://search.cpan.org/~gozer/mod_perl-1.30/Changes SECURITY: CVE-2007-1349 (cve.mitre.org) fix unescaped variable interpolation in Apache::PerlRun regular expression to prevent regex engine tampering. reported by Alex Solovey [Randal L. Schwartz <merlyn@stonehenge.com>, Fred Moyer <fred@redhotpenguin.com>]
Both have been upgraded to versions greater than are found in macports. The upgrade from MP 1.29 to 1.30 is trivial--requiring a checksum change and the version change.
I just upgraded them to 1.30 and 2.0.3. They had outstanding tickets that I closed also so the maintainer is not listening anymore. Mark