httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <jor...@redhat.com>
Subject Re: http://httpd.apache.org/ note about 2.0.50
Date Thu, 01 Jul 2004 08:43:57 GMT
On Thu, Jul 01, 2004 at 12:51:49AM -0500, Albert Chin wrote:
> On Wed, Jun 30, 2004 at 10:59:01PM -0500, Edward Rudd wrote:
> > On Wed, 30 Jun 2004 20:58:32 -0500, Albert Chin wrote:
> > 
> > > If 2.0.50 addresses "one security vulnerability", why are two listed?
> > > I thought CAN-2004-0488 was for 1.3.x?
> >
> > Someone probably miscounted.. And CAN-2004-0488 applied to mod_ssl for
> > 1.3.x AND for mod_ssl in 2.0.x.
> 
> Ok, thanks. I presume the patch below fixes CAN-2004-0488.

Yes, that's right, ssl_engine_kernel.c r1.105->r1.106 is all that's
needed.

joe

Mime
View raw message