httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <rpl...@apache.org>
Subject Re: Fix for CVE-2008-2364 for httpd 2.0.64-dev
Date Thu, 15 Oct 2009 19:29:26 GMT


On 10/15/2009 12:05 AM, Ryan Watkins wrote:
> Is there any chance the fix for security vulnerability CVE-2008-2364 (
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364) will be back 
> ported to Apache 2.0.x?  The reason I ask is because this particular 
> security vulnerability is missing from the Apache 2.0 list of security 
> vulnerabilities (http://httpd.apache.org/security/vulnerabilities_20.html
> ).  Someone did however point me to following location (
> http://www.apache.org/dist/httpd/patches/apply_to_2.0.63/) for an Apache 
> 2.0.x patch. 
> 

IMHO a 2.0.64 will not happen any time soon and there is already a backport
for this issue at http://www.apache.org/dist/httpd/patches/apply_to_2.0.63/
as you say correctly. So you would need to apply this patch by yourself and
then compile 2.0.63.

Regards

RĂ¼diger

Mime
View raw message