[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#381376: Status of CVE-2006-3918 #381376

On Saturday 09 September 2006 12:35, Loïc Minier wrote:
>  I think only apache was uploaded for CVE-2006-3918, and not
> apache2. Do you intend to issue a DSA for apache2 as well?  Or
> isn't it affected by the vulnerability?
>  This is fixed in apache2 >= 2.0.55-4.1 in unstable.

The issue is less severe for apache2 because it is much more difficult 
to exploit: apache2 will first wait for the request timeout (usually 
5 minutes) before sending the problematic error message.


Reply to: