> > On 19.10.10 11:27, William A. Rowe Jr. wrote: > >> * SECURITY: CVE-2009-3560, CVE-2009-3720 (cve.mitre.org) > >> Fix two buffer over-read flaws in the bundled copy of expat which > >> could cause httpd to crash while parsing specially-crafted > >> XML documents. > On 10/20/2010 1:44 AM, Matus UHLAR - fantomas wrote: > > does this mean that if I have apache compiled with external > > apr-util-1.3.10 and external expat, I am safe? On 20.10.10 15:05, William A. Rowe Jr. wrote: > From these two flaws? Only if your external expat is also up-to-date, refer > that question to the expat community. I see. Unfortunately, I haven't seen bundled expat version in the announce. And luckily, my version is patched. -- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "They say when you play that M$ CD backward you can hear satanic messages." "That's nothing. If you play it forward it will install Windows." --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx