On Tue, Apr 13, 2004 at 08:09:54PM +0200, Fran?ois TOURDE wrote: > Le 12521i?me jour apr?s Epoch, > peace bwitchu ?crivait: > > > Is apache and apache-ssl susceptible to the latest > > vulnerabilities released on bugtraq? > > > > http://www.securityfocus.com/bid/8911/info/ > > Try 'apache -v' or 'apache-ssl -v' and check it yourself ... > > For infos: 1.3.29 and 2.0.48 are safe. And I run 1.3.29 ... Pfou...
Err, in Debian, security fixes are backported... So a lower version number doesn't mean the hole isn't fixed. But in this case, in the opinion of Apache's maintainers, this hole isn't worth a fix. See this message: http://lists.debian.org/debian-security/2003/debian-security-200310/msg00226.html (and the thread it is in) A simply google query for the CAN number would have showed you that thread as the second hit (even without specifying 'Debian'). See also #218188 --Jeroen -- Jeroen van Wolffelaar [EMAIL PROTECTED] (also for Jabber & MSN; ICQ: 33944357) http://Jeroen.A-Eskwadraat.nl
