Just to confirm, the bug exists in 2.8.9 and earlier? The first part of the advisory mentions 2.4.9, so a casual reader may assume they are unaffected if they don't read all the way to the bottom... On Monday 24 June 2002 15:47, Jedi/Sector One wrote: > Product: mod_ssl - http://www.modssl.org/ > Date: 06/24/2002 > Summary: Off-by-one in mod_ssl 2.4.9 and earlier [ snip ] > The mod_ssl development team was very reactive and a new version has just > been released. mod_ssl 2.8.10 addresses the vulnerability and it is > freely available from http://www.modssl.org/ . Upgrading from an earlier > release is painless.
