Re: Apache-SSL and DSA-532
On Mon, Jul 26, 2004 at 11:15:02 +0100, Chris Morris wrote:
> DSA-532 contained:
> >Package : libapache-mod-ssl
> >CVE Ids : CAN-2004-0488 CAN-2004-0700
> Is apache-ssl also vulnerable to these?
In all likeliness, no. See http://www.apache-ssl.org/#mod_ssl .
The apache-ssl source does not appear to contain the vulnerable
"ssl_util_uuencode_binary" function (CAN-2004-0488) nor the vulnerable
"ssl_log" function (CAN-2004-0700), and none of the advisories for these
issues hints at problems with apache-ssl.
RUMOUR Believe all you hear. Your world may not be a better one than the one
the blocks live in but it'll be a sight more vivid.
- The Hipcrime Vocab by Chad C. Mulligan