httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Edward Rudd <ed...@omegaware.com>
Subject Re: http://httpd.apache.org/ note about 2.0.50
Date Fri, 02 Jul 2004 03:48:30 GMT
On Thu, 01 Jul 2004 00:51:49 -0500, Albert Chin wrote:

> On Wed, Jun 30, 2004 at 10:59:01PM -0500, Edward Rudd wrote:
> Ok, thanks. I presume the patch below fixes CAN-2004-0488. According
> to the description for CAN-2004-0488, the buffer overflow is in
> ssl_util_uuencode_binary(), found in ssl_util.c. However, ssl_utils.c
> has remained virtually the same between 2.0.48 and 2.0.50.

http://www.securityfocus.com/bid/10355/solution/

it's in the ssl_engine_kernel.c from revision 1.105 to 1.106



Mime
View raw message