httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matus UHLAR - fantomas <>
Subject [users@httpd] Re: [announce] Apache HTTP Server 2.2.17 and 2.0.64 Released
Date Wed, 20 Oct 2010 06:44:43 GMT
On 19.10.10 11:27, William A. Rowe Jr. wrote:
> Subject: [announce] Apache HTTP Server 2.2.17 and 2.0.64 Released

>    The Apache Software Foundation and the Apache HTTP Server Project are
>    pleased to announce the release of version 2.2.17 of the Apache HTTP
>    Server ("Apache").  This version of Apache is principally a bug fix
>    release, and a security fix release of the APR-util 1.3.10 dependency;
>      * SECURITY: CVE-2010-1623 (
>        Fix a denial of service attack against apr_brigade_split_line().
>      * SECURITY: CVE-2009-3560, CVE-2009-3720 (
>        Fix two buffer over-read flaws in the bundled copy of expat which
>        could cause httpd to crash while parsing specially-crafted
>        XML documents.

does this mean that if I have apache compiled with external
apr-util-1.3.10 and external expat, I am safe?

Matus UHLAR - fantomas, ;
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Where do you want to go to die?" [Microsoft]

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message