[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Apache-SSL and DSA-532

On Mon, Jul 26, 2004 at 11:15:02 +0100, Chris Morris wrote:
> DSA-532 contained:
> >Package        : libapache-mod-ssl

> >CVE Ids        : CAN-2004-0488 CAN-2004-0700
> Is apache-ssl also vulnerable to these?

In all likeliness, no. See http://www.apache-ssl.org/#mod_ssl .

The apache-ssl source does not appear to contain the vulnerable
"ssl_util_uuencode_binary" function (CAN-2004-0488) nor the vulnerable
"ssl_log" function (CAN-2004-0700), and none of the advisories for these
issues hints at problems with apache-ssl.

RUMOUR  Believe all you hear. Your world may not be a better one than the one
the blocks live in but it'll be a sight more vivid.
    - The Hipcrime Vocab by Chad C. Mulligan

Reply to: