httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From William A Rowe Jr <wr...@rowe-clan.net>
Subject Re: [users@httpd] RE: [ANNOUNCE] Apache HTTP Server 2.4.29 Released
Date Wed, 25 Oct 2017 22:46:14 GMT
Actually, that was in APR-util 1.6.1, see the APR release announcement
and Craig's
users@httpd post.



On Wed, Oct 25, 2017 at 4:02 PM, Craig Young <cyoung@tripwire.com> wrote:
> I’m not sure if this is what is referred to in the Apache 2.4.29 announcement, but
please note that the Apache Portable Runtime v1.6.3 release resolved memory safety issues
I found in functions used within HTTP server.  This was released in conjunction with 2.4.29.
>
> Using HTTP server linked to prior versions of APR exposes the risks outlined in my email
sent to this list on Monday.
>
> Best Regards,
> Craig
>
> On 10/25/17, 1:05 PM, "Development Manager" <devmanager@speedlinesolutions.com>
wrote:
>
>     The 2.4.29 changes document doesn't reference any CVE articles, though the announcement
indicates that this is a security release. Are any of the 2.4.29 changes security related?
>
>     Thanks,
>     Jim
>
>     ---------------------------------------------------------------------
>     To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>     For additional commands, e-mail: users-help@httpd.apache.org
>
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message