httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aman Raheja <arah...@techquotes.com>
Subject Re: [users@httpd] Patch for Apache 2.0.54 Request Smuggling Vulnerability
Date Fri, 08 Jul 2005 12:30:38 GMT
Do we expect a public availability of 2.0.55 on apache's website which 
has the bug fix for http://www.securityfocus.com/bid/14106
SecurityFocus says it is available in svn repository but all I find, 
updated 2 hours back is that the vulnerability has been assigned a CAN 
(http://svn.apache.org/viewcvs.cgi/httpd/httpd/trunk/)

Any pointers?
Thanks
- Aman Raheja

Aman Raheja wrote:

> I was looking the other day - I think 2 days back and did not see it 
> either.
> Moreover this changelog talks about apache 2.0.55, with some security 
> fix and some more stuff, but 2.0.55 is not yet released, though it 
> does not list to be addressing the security issues Lucas has pointed out.
> http://www.apache.org/dist/httpd/CHANGES_2.1
> what's with that?
> Thanks
> - Aman Raheja
>
> Lucas Brasilino wrote:
>
>> Hi!
>>
>> I've been looking around to find the patch
>> to apache 2.0.54 which corrects the
>> vulnerability pointed out by SecurityFocus at:
>>
>> http://www.securityfocus.com/bid/14106
>>
>> It says that this patch is available at SVN
>> repository... but I didn't find it.
>>
>> Where can I get it?
>>
>> Thanks in advance.
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server 
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message