On 10/15/2009 12:05 AM, Ryan Watkins wrote: > Is there any chance the fix for security vulnerability CVE-2008-2364 ( > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364) will be back > ported to Apache 2.0.x? The reason I ask is because this particular > security vulnerability is missing from the Apache 2.0 list of security > vulnerabilities (http://httpd.apache.org/security/vulnerabilities_20.html > ). Someone did however point me to following location ( > http://www.apache.org/dist/httpd/patches/apply_to_2.0.63/) for an Apache > 2.0.x patch. >
IMHO a 2.0.64 will not happen any time soon and there is already a backport for this issue at http://www.apache.org/dist/httpd/patches/apply_to_2.0.63/ as you say correctly. So you would need to apply this patch by yourself and then compile 2.0.63. Regards RĂ¼diger