Date: Sun, 25 Mar 2018 15:11:21 +0200 From: Yann Ylavic <ylavic@...che.org> To: oss-security@...ts.openwall.com Cc: Marius Bakke <mbakke@...tmail.com>, Daniel Ruggeri <druggeri@...che.org>, security@...pd.apache.org Subject: Re: CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values On 03/25/2018 12:52 PM, Marius Bakke wrote: > Daniel Ruggeri <druggeri@...che.org> writes: >> References: >> https://httpd.apache.org/security/vulnerabilities_24.html > > Perhaps I'm hitting an outdated mirror (188.8.131.52), but this > page lists "OptionsBleed" as the most recent CVE, and the download > page shows 2.4.29 as the latest release. The httpd website is missing some synchronization still, we are currently looking into it. > > I found 2.4.33 by browsing my suggested mirror "manually", but it > does not have the PGP signatures. > > https://apache.uib.no/httpd/ > > I had to go to <https://www-eu.apache.org/dist/httpd/> in order to > verify the integrity. The website should be updated soon too, in the meantime the tarballs (and signatures) are available here: https://archive.apache.org/dist/httpd/ Thanks for noticing and letting us now. Regards, Yann.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.