Date: Tue, 27 Mar 2018 10:58:50 +0200 From: Yann Ylavic <ylavic.dev@...il.com> To: Dagobert Michelsen <dam@...ncsw.org> Cc: httpd-security <security@...pd.apache.org>, announce@...pd.apache.org, oss-security@...ts.openwall.com Subject: Re: CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values Hi Dago, On Mon, Mar 26, 2018 at 9:42 PM, Dagobert [...] wrote: > > Am 26.03.2018 um 07:06 schrieb Daniel Ruggeri: >> >> Users of (the now end-of-life) httpd 2.2 who cannot upgrade at this time >> should apply CVE-2017-15710.patch, which is available at >> >> https://www.apache.org/dist/httpd/patches/apply_to_2.2.34/ > > This link does not exist, there is only > https://www.apache.org/dist/httpd/patches/apply_to_2.4.27/ Thanks for noticing and letting us know. The 2.2 version of httpd has ended its long life and went to the attic (almost simultaneously with this announcement): https://archive.apache.org/dist/httpd/patches/apply_to_2.2.34/ Regards, Yann.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.