Re: Apache Vulnerabilities
On Tue, Apr 13, 2004 at 08:09:54PM +0200, Fran?ois TOURDE wrote:
> Le 12521i?me jour apr?s Epoch,
> peace bwitchu ?crivait:
>
> > Is apache and apache-ssl susceptible to the latest
> > vulnerabilities released on bugtraq?
> >
> > http://www.securityfocus.com/bid/8911/info/
>
> Try 'apache -v' or 'apache-ssl -v' and check it yourself ...
>
> For infos: 1.3.29 and 2.0.48 are safe. And I run 1.3.29 ... Pfou...
Err, in Debian, security fixes are backported... So a lower version
number doesn't mean the hole isn't fixed.
But in this case, in the opinion of Apache's maintainers, this hole
isn't worth a fix. See this message:
http://lists.debian.org/debian-security/2003/debian-security-200310/msg00226.html
(and the thread it is in)
A simply google query for the CAN number would have showed you that
thread as the second hit (even without specifying 'Debian').
See also #218188
--Jeroen
--
Jeroen van Wolffelaar
Jeroen@wolffelaar.nl (also for Jabber & MSN; ICQ: 33944357)
http://Jeroen.A-Eskwadraat.nl
Reply to: