oss-security - Re: CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [day] [month] [year] [list]

Date: Tue, 27 Mar 2018 10:58:50 +0200
From: Yann Ylavic <ylavic.dev@...il.com>
To: Dagobert Michelsen <dam@...ncsw.org>
Cc: httpd-security <security@...pd.apache.org>, announce@...pd.apache.org, 
	oss-security@...ts.openwall.com
Subject: Re: CVE-2017-15710: Out of bound write in mod_authnz_ldap when using
 too small Accept-Language values

Hi Dago,

On Mon, Mar 26, 2018 at 9:42 PM, Dagobert [...] wrote:
>
> Am 26.03.2018 um 07:06 schrieb Daniel Ruggeri:
>>
>> Users of (the now end-of-life) httpd 2.2 who cannot upgrade at this time
>> should apply CVE-2017-15710.patch, which is available at
>>
>>   https://www.apache.org/dist/httpd/patches/apply_to_2.2.34/
>
> This link does not exist, there is only
>   https://www.apache.org/dist/httpd/patches/apply_to_2.4.27/

Thanks for noticing and letting us know.

The 2.2 version of httpd has ended its long life and went to the attic
(almost simultaneously with this announcement):
  https://archive.apache.org/dist/httpd/patches/apply_to_2.2.34/

Regards,
Yann.

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.