Subject: Re: www/apache*
To: None <itojun@iijlab.net>
From: Ignatios Souvatzis <ignatios@theory.cs.uni-bonn.de>
List: tech-pkg
Date: 06/18/2002 14:06:27
--EY/WZ/HvNxOox07X
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Jun 18, 2002 at 08:15:59PM +0900, itojun@iijlab.net wrote:
> 	beware - www/apache* ARE NOT SECURE YET.  we are still awaiting for
> 	apache.org to issue a new release.
>=20
> 	apache-1.3.24 -> apache-1.3.24nb1 change was from ISS advisory,
> 	but many comments say that it is not enough.  therefore, i've marked
> 	apache-1.3.24nb1 as vulnerable in pkg-vulnerabilities list
> 	(pkgsrc/security/audit-packages is your friend).

doesn't the bad part (> denial-of-service) only apply to 64 bit architectur=
es?

	-is

--EY/WZ/HvNxOox07X
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: 2.6.i

iQEVAgUBPQ8eNzCn4om+4LhpAQF6hAf/R/eVMB00TfmLxfct/E26UVcAwc0nw+gb
4fNv7jNFenf+u/cLPKEmor0Hf06xXoxTIyH8YZWU3t6m2ZH1V0sErzHcXJ5qOo5E
O/rez+jw7Q9vXpbyiX4AgC+U3Duk/83SIARUtrU/zL7P8fo8lpf6oNOcWPjEKx8H
PJpyxARYtt4p4pJKxTIjHFQCJWaroJ3CY0H+JAooFTyD41WS9x77Fs4HkKyczyA5
zharbvK6Fg7xvpehJD/48lSlQlaYiOHxwXVjeskJNz40zxdgzYfWP8rFkENeFgwK
qUWnNDBzVKBpH8vm4kt2AFzZ5C0LI6RzscvT3lEi+kisFw6jSpmw4w==
=YbBn
-----END PGP SIGNATURE-----

--EY/WZ/HvNxOox07X--