[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Installing PHP4

On Thu, Sep 18, 2003 at 04:13:00PM -0500, Dennis Wicks wrote:

> Silly me! I thought it would be named mod_ssl!
> No hits on debian.org for anything by that name!


I went to packages.debian.org, typed "mod_ssl" into the search box and
checked "descriptions".

> No, I don't care about version numbers per se, but between mod_ssl for
> Apache 1.3.26 and the current one for Apache 1.3.28 there have been
> several bugfixes and one security fix, so why would anyone install the old
> one that has bugs and security problems, especially when the package is a
> security feature???

You mean this security fix?

dijkstra:[/tmp/libapache-mod-ssl-2.8.9] head debian/changelog 
libapache-mod-ssl (2.8.9-2.1) stable-security; urgency=high

  * Non-maintainer upload by Security Team
  * Applied patch from Joe Orton to fix cross site scripting through
    hostnames (CAN-2002-1157)

 -- Martin Schulze <joey@infodrom.org>  Tue, 15 Oct 2002 21:05:37 +0200

Which is included in Debian woody?  This is another version-number
misunderstanding which is addressed by the security team FAQ:


 - mdz

Reply to: