On Thu, Sep 18, 2003 at 04:13:00PM -0500, Dennis Wicks wrote: > Silly me! I thought it would be named mod_ssl! > No hits on debian.org for anything by that name!
http://packages.debian.org/cgi-bin/search_packages.pl?keywords=mod_ssl&searchon=all&subword=1&version=stable&release=all I went to packages.debian.org, typed "mod_ssl" into the search box and checked "descriptions". > No, I don't care about version numbers per se, but between mod_ssl for > Apache 1.3.26 and the current one for Apache 1.3.28 there have been > several bugfixes and one security fix, so why would anyone install the old > one that has bugs and security problems, especially when the package is a > security feature??? You mean this security fix? dijkstra:[/tmp/libapache-mod-ssl-2.8.9] head debian/changelog libapache-mod-ssl (2.8.9-2.1) stable-security; urgency=high * Non-maintainer upload by Security Team * Applied patch from Joe Orton to fix cross site scripting through hostnames (CAN-2002-1157) -- Martin Schulze <[EMAIL PROTECTED]> Tue, 15 Oct 2002 21:05:37 +0200 Which is included in Debian woody? This is another version-number misunderstanding which is addressed by the security team FAQ: http://www.debian.org/security/faq#version -- - mdz
