httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reindl Harald <h.rei...@thelounge.net>
Subject Re: VUDDY: unpatched CVEs in apache httpd
Date Wed, 24 May 2017 15:44:27 GMT


Am 24.05.2017 um 17:02 schrieb William A Rowe Jr:
> apr-util 1.6.0 will ship without an embedded copy of the expat software.
> 
> Obtaining expat and keeping it refreshed and up to date with respect
> to security patches will become an exercise for the user/admin/vendor.
> 
> This is scheduled for "RSN" - real soon now

and why does it need to be an embedded copy?
bundle libraries is the start of all evil

[root@buildserver:~]$ rpm -qa |grep expat
expat-2.1.1-2.fc24.x86_64
expat-devel-2.1.1-2.fc24.x86_64



Mime
View raw message