Date: Tue, 27 Mar 2018 10:58:50 +0200 From: Yann Ylavic <ylavic.dev@...il.com> To: Dagobert Michelsen <dam@...ncsw.org> Cc: httpd-security <security@...pd.apache.org>, announce@...pd.apache.org, oss-security@...ts.openwall.com Subject: Re: CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values Hi Dago, On Mon, Mar 26, 2018 at 9:42 PM, Dagobert [...] wrote: > > Am 26.03.2018 um 07:06 schrieb Daniel Ruggeri: >> >> Users of (the now end-of-life) httpd 2.2 who cannot upgrade at this time >> should apply CVE-2017-15710.patch, which is available at >> >> https://www.apache.org/dist/httpd/patches/apply_to_2.2.34/ > > This link does not exist, there is only > https://www.apache.org/dist/httpd/patches/apply_to_2.4.27/ Thanks for noticing and letting us know. The 2.2 version of httpd has ended its long life and went to the attic (almost simultaneously with this announcement): https://archive.apache.org/dist/httpd/patches/apply_to_2.2.34/ Regards, Yann.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ