Re: [Fwd: [Bulletins] Apache httpd, strongSwan, Openswan, FreeS/WAN ...]

[Mezig <nissuacfeneyrol@free.fr>]

J.H.M. Dassen (Ray) wrote:

> > 29.06.2004 : Apache httpd 2.0.49 Apache Input Header DoS Vulnerability
> >    
> >
> > http://www.k-otik.net/bugtraq/06292004.Apache.php
> >    
> That page identifies the issue as CAN-2004-0493 which was fixed in sid's
> apache2 2.0.50-1 packages. (Stable is unaffected as it doesn't have apache2
> packages)
>  
>
> > 29.06.2004 : Multiple Products X.509 Certificates Validation Vuln.
> >    
> >
> > http://www.k-otik.net/bugtraq/06292004.X509.php
> >    
>
> CAN-2004-0590. This doesn't affect stable (see
> http://www.debian.org/security/nonvulns-woody). For sid's openswan it's
> been fixed in 2.1.3-1 (see the logs of http://bugs.debian.org/256391). For
> sid's freeswan it's been fixed in 2.04-10 (see that package's changelog).
>
> HTH,
> Ray
>  
Tks for your answer :)!

I was First anxious, about the topic of the advise and second, about the 
fact than a external advisory-compagny could inform the user's comunity 
about such a dommageable thing, for our community :( !

I try to stay awised, and else ask for information around me usually.., 
but i'm not yet on teh top, to follow BTS and changelogs, sorry :( !

As you don't talk about testing, i suppose, than its out topic, cause 
indeed she use the last package :) ?

Does it worth, from you to reply them, for the Debian and Appache image.. ?

Thanks a lot

Mi