Re: Apache Vulnerabilities

To: debian-security@lists.debian.org
Subject: Re: Apache Vulnerabilities
From: Jeroen van Wolffelaar <jeroen@wolffelaar.nl>
Date: Tue, 13 Apr 2004 20:50:56 +0200
Message-id: <[🔎] 20040413185055.GZ10117@A-Eskwadraat.nl>
In-reply-to: <[🔎] 87k70j7nrh.fsf@fermat.localhost>
References: <[🔎] 20040413171326.13276.qmail@web13202.mail.yahoo.com> <[🔎] 87k70j7nrh.fsf@fermat.localhost>

On Tue, Apr 13, 2004 at 08:09:54PM +0200, Fran?ois TOURDE wrote:
> Le 12521i?me jour apr?s Epoch,
> peace bwitchu ?crivait:
> 
> > Is apache and apache-ssl susceptible to the latest
> > vulnerabilities released on bugtraq?
> >
> > http://www.securityfocus.com/bid/8911/info/
> 
> Try 'apache -v' or 'apache-ssl -v' and check it yourself ...
> 
> For infos: 1.3.29 and 2.0.48 are safe. And I run 1.3.29 ... Pfou...

Err, in Debian, security fixes are backported... So a lower version
number doesn't mean the hole isn't fixed.

But in this case, in the opinion of Apache's maintainers, this hole
isn't worth a fix. See this message:
http://lists.debian.org/debian-security/2003/debian-security-200310/msg00226.html

(and the thread it is in)

A simply google query for the CAN number would have showed you that
thread as the second hit (even without specifying 'Debian').

See also #218188

--Jeroen

-- 
Jeroen van Wolffelaar
Jeroen@wolffelaar.nl (also for Jabber & MSN; ICQ: 33944357)
http://Jeroen.A-Eskwadraat.nl

Reply to:

References:
- Apache Vulnerabilities
  - From: peace bwitchu <peacebwitchu@yahoo.com>
- Re: Apache Vulnerabilities
  - From: fra-ds-no-spam@tourde.org (François TOURDE)

Prev by Date: Re: Apache Vulnerabilities
Next by Date: automated response
Previous by thread: Re: Apache Vulnerabilities
Next by thread: Away from my mail
Index(es):
- Date
- Thread