If I read the advisories correctly, the problem was related to opsnssl
code. so, recompiling apache/mod-ssl with the new or patched openssl
sources should fix that issue. the other question though is, since there
were additional advisories related to mm, and apache 1.3.X/mod-ssl
requires mm for proper compilation and functioning, if there is a new mm
package or patch available.
Thanks,
Ron dufresne
On Wed, 31 Jul 2002, Rainer Jung wrote:
> Hi,
>
> will there be a new version of mod_ssl for the security fixed openssl
> 0.9.6e and openssl-engine 0.9.6e or is it safe to use mod_ssl 2.8.10.
>
> If there will be a new version: is there an expected release date/time?
>
> Thanks for any answers!
>
> Rainer Jung
>
> kippdata informationstechnologie GmbH
> Bornheimer Stra�e 33a
> D-53111 Bonn
> Germany
>
> Tel.: +49/228/98549-0
> Fax: +49/228/98549-50
> email: [EMAIL PROTECTED]
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart
testing, only testing, and damn good at it too!
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
