On Fri, Jul 28, 2006 at 05:06:38PM +0200, Daniel Leidert wrote: > The latest release notes [1] of apache 1.3.37, 2.0.59 and 2.2.3 contains a > note, about an off-by-one flaw (CVE-2006-3747 [2]). > > [1] http://www.apache.org/dist/httpd/Announcement2.2.html > [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747 > > Please check, if the Debian package(s) is/are vulnerable.
apache + apache2 packages are affected. DSA in preparation. Thanks for the report. (Please see also #380182) Steve --
signature.asc
Description: Digital signature