httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reindl Harald <>
Subject Re: VUDDY: unpatched CVEs in apache httpd
Date Wed, 24 May 2017 15:44:27 GMT

Am 24.05.2017 um 17:02 schrieb William A Rowe Jr:
> apr-util 1.6.0 will ship without an embedded copy of the expat software.
> Obtaining expat and keeping it refreshed and up to date with respect
> to security patches will become an exercise for the user/admin/vendor.
> This is scheduled for "RSN" - real soon now

and why does it need to be an embedded copy?
bundle libraries is the start of all evil

[root@buildserver:~]$ rpm -qa |grep expat

View raw message