On Wed, Sep 08, 2004 at 10:38:11PM +0200, Enrico Scholz wrote:
is the issue from
http://rhn.redhat.com/errata/RHSA-2004-349.html
already
fixed in the latest FC2 httpd package (2.0.50-2.1)? The announcement
mentions that 2.0.50 and below are affected, the issue was reported at
2004-07-07 in apache's bugzilla[1], the package was built at 2004-06-29
and the changelog does not seem to have related entries.
No, this issue will be fixed in 2.0.51, the release process for which is
already well under way: I'll issue 2.0.51 updates for Fedora when it's
done.
CAN-2004-0748 or CAN-2004-0751 (another public mod_ssl issue, which was
not fixed in the RHEL3 U3 httpd update) do not really necessitate an
httpd update in the mean time: the former means with very particular
timing you can possibly trigger CPU hogs, the latter can only be
triggered in rather uncommon configurations where you allow proxying to
a remote SSL server.
Regards,
joe