Re: Backporting and Apache 2.0.52 is 4 1/2 years old

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Am 22.03.2009 um 20:40 schrieb Rob Townley:

> http://httpd.apache.org/security/vulnerabilities_20.html
>
> states that Apache 2.0.52 is 4 years old and the latest version is  
> 2.0.68.
> i am no longer a httpd expert, but at least one of the security fixes
> involves XSS attacks via malformed ftp commands.  I also realize that
> redhat / centos may patch things separately from Apache and that the
> sysadmin has  a great deal to do with how secure things are, but
> almost 5 years?
>



Download the src-RPM and make a checklist which CVEs are fixed and  
which not.
(It's in a changelog-file somewhere - I don't remember the details,  
it's a while that I actually looked)

Then, return here.



Best Regards,
Rainer

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux