httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andy Cutright" <Andy.Cutri...@borland.com>
Subject RE: mod_ssl fix for PR# 27106
Date Tue, 09 Mar 2004 16:28:03 GMT
thanks,

andy  

> -----Original Message-----
> From: Joe Orton [mailto:jorton@redhat.com] 
> Sent: Tuesday, March 09, 2004 6:14 AM
> To: Andy Cutright
> Cc: dev@httpd.apache.org
> Subject: Re: mod_ssl fix for PR# 27106
> 
> On Mon, Mar 08, 2004 at 02:47:10PM -0800, Andy Cutright wrote:
> > apacheweek has announced a vulnerability:
> > 
> > http://www.apacheweek.com/features/security-20
> > 
> > the bugzilla problem report indicates this diff fixes the problem: 
> > 
> > 
> http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_en
> gine_io.c?
> > r1=1.117&r2=1.118
> > 
> > recent email on the dev list includes -two- diffs under the 
> PR report: 
> ...
> > can someone please tell me if i need both of the patches or 
> only one? if
> > i need both patches, is the bugzilla report wrong? my 
> source code base
> > is the 2.0.48 release. 
> 
> Use both the patches or just fetch the backported patch which includes
> both changes:
> 
> http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_en
> gine_io.c?r1=1.100.2.11&r2=1.100.2.12
> 
> joe
> 

Mime
View raw message