Re: Apache-SSL and DSA-532

To: Debian Security List <debian-security@lists.debian.org>
Subject: Re: Apache-SSL and DSA-532
From: "J.H.M. Dassen (Ray)" <fsmla@xinara.org>
Date: Mon, 26 Jul 2004 19:11:30 +0200
Message-id: <[🔎] 20040726171130.GB29453@xinara.org>
Mail-followup-to: Debian Security List <debian-security@lists.debian.org>
In-reply-to: <[🔎] Pine.LNX.4.60.0407261112190.6062@localhost>
References: <[🔎] Pine.LNX.4.60.0407261112190.6062@localhost>

On Mon, Jul 26, 2004 at 11:15:02 +0100, Chris Morris wrote:
> DSA-532 contained:
> >Package        : libapache-mod-ssl

> >CVE Ids        : CAN-2004-0488 CAN-2004-0700
> 
> Is apache-ssl also vulnerable to these?

In all likeliness, no. See http://www.apache-ssl.org/#mod_ssl .

The apache-ssl source does not appear to contain the vulnerable
"ssl_util_uuencode_binary" function (CAN-2004-0488) nor the vulnerable
"ssl_log" function (CAN-2004-0700), and none of the advisories for these
issues hints at problems with apache-ssl.

HTH,
Ray
-- 
RUMOUR  Believe all you hear. Your world may not be a better one than the one
the blocks live in but it'll be a sight more vivid.
    - The Hipcrime Vocab by Chad C. Mulligan

Reply to:

References:
- Apache-SSL and DSA-532
  - From: Chris Morris <cim@durge.org>

Prev by Date: Re: preventing /dev/kmem and /dev/mem writes?
Next by Date: Re: Apache-SSL and DSA-532
Previous by thread: Apache-SSL and DSA-532
Next by thread: Re: Apache-SSL and DSA-532
Index(es):
- Date
- Thread