perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <traw...@gmail.com>
Subject Re: Vulnerability ?
Date Wed, 06 May 2009 12:28:03 GMT
On Wed, May 6, 2009 at 7:40 AM, Francois Pernet <Francois.Pernet@idsa.ch>wrote:

>  Hi,
>
> We have received the following vulnerability report:
> http://www.securityfocus.com/bid/23192/info
>
> I read the changes for the mod_perl versions but did not find anything
> really clear. We are using mod_perl version 2.0.3 compiled for Suse linux
> enterprise server 10 sp2 used with apache 2.0.x compiled also (we are not
> using rpm versions of these packages).
>
> Can somebody clarify if the vulnerability still present in version 2.0.3
> and if we are obliged to move to version 2.0.4 ?
>

As listed on that securityfocus page, the CVE number is CVE-2007-1349.
 Checking the Changes files for 2.0.3 and 2.0.4, you'll see that 2.0.4 has a
fix for that CVE but 2.0.3 doesn't.  So 2.0.3 is vulnerable.

Mime
View raw message