Hi, I noticed this discussion with some interest, as I was wondering too about the Apache issues. Are all Debian Apache versions built off the same tree? Ie: If I'm running Apache-SSL instead of Apache, does that mean all the same "not vulnerable" applies? And, is there anywhere stated why Debian is not vulnerable? That would be somewhat more reassuring to me at least. Thanks, -- adam