Re: Re: [announce] Apache HTTP Server 2.2.17 and 2.0.64 Released

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> > On 19.10.10 11:27, William A. Rowe Jr. wrote:
> >>      * SECURITY: CVE-2009-3560, CVE-2009-3720 (cve.mitre.org)
> >>        Fix two buffer over-read flaws in the bundled copy of expat which
> >>        could cause httpd to crash while parsing specially-crafted
> >>        XML documents.

> On 10/20/2010 1:44 AM, Matus UHLAR - fantomas wrote:
> > does this mean that if I have apache compiled with external
> > apr-util-1.3.10 and external expat, I am safe?

On 20.10.10 15:05, William A. Rowe Jr. wrote:
> From these two flaws?  Only if your external expat is also up-to-date, refer
> that question to the expat community.

I see. Unfortunately, I haven't seen bundled expat version in the announce.
And luckily, my version is patched.
-- 
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"They say when you play that M$ CD backward you can hear satanic messages."
"That's nothing. If you play it forward it will install Windows."

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux