Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 27 Mar 2018 10:58:50 +0200
From: Yann Ylavic <ylavic.dev@...il.com>
To: Dagobert Michelsen <dam@...ncsw.org>
Cc: httpd-security <security@...pd.apache.org>, announce@...pd.apache.org, 
	oss-security@...ts.openwall.com
Subject: Re: CVE-2017-15710: Out of bound write in mod_authnz_ldap when using
 too small Accept-Language values

Hi Dago,

On Mon, Mar 26, 2018 at 9:42 PM, Dagobert [...] wrote:
>
> Am 26.03.2018 um 07:06 schrieb Daniel Ruggeri:
>>
>> Users of (the now end-of-life) httpd 2.2 who cannot upgrade at this time
>> should apply CVE-2017-15710.patch, which is available at
>>
>>   https://www.apache.org/dist/httpd/patches/apply_to_2.2.34/
>
> This link does not exist, there is only
>   https://www.apache.org/dist/httpd/patches/apply_to_2.4.27/

Thanks for noticing and letting us know.

The 2.2 version of httpd has ended its long life and went to the attic
(almost simultaneously with this announcement):
  https://archive.apache.org/dist/httpd/patches/apply_to_2.2.34/

Regards,
Yann.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ