Return-Path: 
 <dev-return-41456-apmail-httpd-dev-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-dev-archive@www.apache.org
Received: (qmail 6960 invoked from network); 9 Mar 2004 16:28:18 -0000
Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12)
  by minotaur-2.apache.org with SMTP; 9 Mar 2004 16:28:18 -0000
Received: (qmail 96936 invoked by uid 500); 9 Mar 2004 16:28:02 -0000
Delivered-To: apmail-httpd-dev-archive@httpd.apache.org
Received: (qmail 96887 invoked by uid 500); 9 Mar 2004 16:28:02 -0000
Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:dev-help@httpd.apache.org>
list-unsubscribe: <mailto:dev-unsubscribe@httpd.apache.org>
list-post: <mailto:dev@httpd.apache.org>
Delivered-To: mailing list dev@httpd.apache.org
Received: (qmail 96859 invoked from network); 9 Mar 2004 16:28:01 -0000
Received: from unknown (HELO ussvs-mta2.amer.borl.net) (143.186.72.59)
  by daedalus.apache.org with SMTP; 9 Mar 2004 16:28:01 -0000
Received: from USCUS-MAIL01.amer.borl.net ([143.186.79.38]) by
 ussvs-mta2.amer.borl.net with Microsoft SMTPSVC(6.0.3790.0);
	 Tue, 9 Mar 2004 08:28:04 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.0.6375.0
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: mod_ssl fix for PR# 27106
Date: Tue, 9 Mar 2004 08:28:03 -0800
Message-ID: 
 <E830E4A78E28F3439B2CA005CC26DDEF5B2A6E@USCUS-MAIL01.amer.borl.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: mod_ssl fix for PR# 27106
Thread-Index: AcQF4OMlHsPKY5xjQySWowiNFONLnAAEoOug
From: "Andy Cutright" <Andy.Cutright@borland.com>
To: "Joe Orton" <jorton@redhat.com>
Cc: <dev@httpd.apache.org>
X-OriginalArrivalTime: 09 Mar 2004 16:28:04.0483 (UTC)
 FILETIME=[7F573530:01C405F3]
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N

thanks,

andy =20

> -----Original Message-----
> From: Joe Orton [mailto:jorton@redhat.com]=20
> Sent: Tuesday, March 09, 2004 6:14 AM
> To: Andy Cutright
> Cc: dev@httpd.apache.org
> Subject: Re: mod_ssl fix for PR# 27106
>=20
> On Mon, Mar 08, 2004 at 02:47:10PM -0800, Andy Cutright wrote:
> > apacheweek has announced a vulnerability:
> >=20
> > http://www.apacheweek.com/features/security-20
> >=20
> > the bugzilla problem report indicates this diff fixes the problem:=20
> >=20
> >=20
> http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_en
> gine_io.c?
> > r1=3D1.117&r2=3D1.118
> >=20
> > recent email on the dev list includes -two- diffs under the=20
> PR report:=20
> ...
> > can someone please tell me if i need both of the patches or=20
> only one? if
> > i need both patches, is the bugzilla report wrong? my=20
> source code base
> > is the 2.0.48 release.=20
>=20
> Use both the patches or just fetch the backported patch which includes
> both changes:
>=20
> http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_en
> gine_io.c?r1=3D1.100.2.11&r2=3D1.100.2.12
>=20
> joe
>=20