httpd-dev mailing list archives

From Reindl Harald <>
Subject Re: VUDDY: unpatched CVEs in apache httpd
Date Wed, 24 May 2017 17:16:51 GMT

On 24.05.2017 at 19:12, Eric Covener wrote:
> On Wed, May 24, 2017 at 1:05 PM, Reindl Harald <> wrote:
>> then also the source should not be bundled and instead a requirement to
>> have it installed for build
> Already covered ITT: "apr-util 1.6.0 will ship without an embedded
> copy of the expat software."

sorry, i missed the "without" and "Obtaining expat and keeping it
refreshed and up to date with respect to security patches will become an
exercise for the user/admin/vendor" sounds typically more like the usual
problem of httpd, php and others having buried a random version inside
the source tarball

for user/admin/vendor it's nothing different than any of the other
hundreds to thousands of packages on their system "yum/dnf upgrade,
apt-get upgrade.." and now they *really* are up-to-date
