httpd-dev mailing list archives

From Kenneth Simpson <...@VirtualMachines.COM>
Subject Apache 2.0.50 mod_ssl
Date Sun, 04 Jul 2004 21:05:51 GMT
In the event someone hasn't already pointed this out, there doesn't appear
to be a patch for CAN-2004-0488 (buffer overrun in mod_ssl) in Apache 2.0.50
as indicated on http://httpd.apache.org.

I quote:

"This Announcement notes the significant changes in 2.0.50 as compared
to 2.0.49."

"Fixes a mod_ssl buffer overflow in the FakeBasicAuth code for a
(trusted) client certificate subject DN which exceeds 6K in length.
[CAN-2004-0488
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488>]"

mod_ssl doesn't change when upgrading from Apache 2.0.49 to Apache 2.0.50.