[25856] in bugtraq
Re: CERT Advisory CA-2002-17 Apache Web Server Chunk Handling Vulnerability
daemon@ATHENA.MIT.EDU (Jay D. Dyson)
Tue Jun 18 17:49:00 2002
Date: Tue, 18 Jun 2002 13:23:15 -0700 (PDT)
From: "Jay D. Dyson" <jdyson@treachery.net>
To: Bugtraq <bugtraq@securityfocus.com>
In-Reply-To: <CA-2002-17.1@cert.org>
Message-ID: <Pine.GSO.3.96.1020618131849.8877B-100000@crypto>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, 17 Jun 2002, CERT Advisory wrote:
> III. Solution
<snip>
> Upgrade to the latest version
>
> The Apache Software Foundation has released two new versions of Apache
> that correct this vulnerability. System administrators can prevent the
> vulnerability from being exploited by upgrading to Apache version
> 1.3.25 or 2.0.39.
I've just visited http://httpd.apache.org/ for the upgrade on
Apache and noted that v2.0.39 is available[*], but v1.3.25 is nowhere to
be found. Is anyone in the know on an ETA for Apache v1.3.25?
- -Jay
* The source is available only on the main site so far. The mirrors have
not yet caught up.
( ( _______
)) )) .--"There's always time for a good cup of coffee"--. >====<--.
C|~~|C|~~| (>------ Jay D. Dyson -- jdyson@treachery.net ------<) | = |-'
`--' `--' `-- I'll be diplomatic...when I run out of ammo. --' `------'
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (TreacherOS)
Comment: See http://www.treachery.net/~jdyson/ for current keys.
iD8DBQE9D5a2GI2IHblM+8ERAreAAJ9dyTh+FJDngzPUILwA7Y3JX8llwgCglGRW
2clwFrU6U9jM/Ie978ShuPQ=
=+DJK
-----END PGP SIGNATURE-----
