Hi, I have downloaded the sources of latest apache 2.2.8 that includes mod_ssl as well. My concern is about the two vulnerabilities (htp://www.securityfocus.com/bid/10736/info, htp://www.securityfocus.com/bid/4189/info). I do not have any information whether or not these two vulnerabilities still exist or have been fixed in the mod_ssl provided with apache sources 2.2.8. After googling I could find out that these are solved in mod_ssl 2.8.19. Now to fix this I am thinking/trying the following: - Check the version of mod_ssl bundled with apache 228. If this ver is greater than 2.8.19 then these vulnerabilities must have been fixed. I do not know how to determine the version of mod_ssl here. - Download the mod_ssl latest version from modssl.org and force (since modssl.org does not provide sources for apache 2.x ver; it provides only for apache 1.3.x series) its installation with latest apache 228 ver. Since, mod_ssl version here is not built for apache 2.x series, I may end up creating more problems for myself. Forgot the famous last words? Access your message archive online at http://in.messenger.yahoo.com/webmessengerpromo.php --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx