Is there any chance the fix for security vulnerability CVE-2008-2364 ( http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364) will be back ported to Apache 2.0.x? The reason I ask is because this particular security vulnerability is missing from the Apache 2.0 list of security vulnerabilities (http://httpd.apache.org/security/vulnerabilities_20.html ). Someone did however point me to following location ( http://www.apache.org/dist/httpd/patches/apply_to_2.0.63/) for an Apache 2.0.x patch.
- Fix for CVE-2008-2364 for httpd 2.0.64-dev Ryan Watkins
- Re: Fix for CVE-2008-2364 for httpd 2.0.64-dev Ruediger Pluem