In the event someone hasn't already pointed this out, there doesn't appear to be patch for CAN-2004-0488 (buffer overrun in mod_ssl) in Apache 2.0.50 as indicated on http://httpd.apache.org.
I quote:
"This Announcement notes the significant changes in 2.0.50 as compared to 2.0.49."
"Fixes a mod_ssl buffer overflow in the FakeBasicAuth code for a (trusted) client
certificate subject DN which exceeds 6K in length.| [CAN-2004-0488 <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488>]"|
mod_ssl doesn't change when upgrading from Apache 2.0.49 to Apache 2.0.50.
