On Wed, Sep 08, 2004 at 10:38:11PM +0200, Enrico Scholz wrote: > is the issue from http://rhn.redhat.com/errata/RHSA-2004-349.html already > fixed in the latest FC2 httpd package (2.0.50-2.1)? The announcement > mentions that 2.0.50 and below are affected, the issue was reported at > 2004-07-07 in apache's bugzilla[1], the package was built at 2004-06-29 > and the changelog does not seem to have related entries. No, this issue will be fixed in 2.0.51, the release process for which is already well under way: I'll issue 2.0.51 updates for Fedora when it's done. CAN-2004-0748 or CAN-2004-0751 (another public mod_ssl issue, which was not fixed in the RHEL3 U3 httpd update) do not really necessitate an httpd update in the mean time: the former means with very particular timing you can possibly trigger CPU hogs, the latter can only be triggered in rather uncommon configurations where you allow proxying to a remote SSL server. Regards, joe
