[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Fix for RHSA-2004-349 already in FC2's httpd?

From: Joe Orton <jorton redhat com>
To: fedora-devel-list redhat com
Subject: Re: Fix for RHSA-2004-349 already in FC2's httpd?
Date: Wed, 8 Sep 2004 23:08:49 +0100

On Wed, Sep 08, 2004 at 10:38:11PM +0200, Enrico Scholz wrote:
> is the issue from http://rhn.redhat.com/errata/RHSA-2004-349.html already
> fixed in the latest FC2 httpd package (2.0.50-2.1)?  The announcement
> mentions that 2.0.50 and below are affected, the issue was reported at
> 2004-07-07 in apache's bugzilla[1], the package was built at 2004-06-29
> and the changelog does not seem to have related entries.

No, this issue will be fixed in 2.0.51, the release process for which is
already well under way: I'll issue 2.0.51 updates for Fedora when it's
done.

CAN-2004-0748 or CAN-2004-0751 (another public mod_ssl issue, which was
not fixed in the RHEL3 U3 httpd update) do not really necessitate an
httpd update in the mean time: the former means with very particular
timing you can possibly trigger CPU hogs, the latter can only be
triggered in rather uncommon configurations where you allow proxying to
a remote SSL server.

Regards,

joe

References:
- Fix for RHSA-2004-349 already in FC2's httpd?
  - From: Enrico Scholz

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]