Quoting Steve Suehring <[EMAIL PROTECTED]>: > If I'm not mistaken the vulnerabilities existed in two files found in > apache-common. Since apache-common is a prerequisite for apache-ssl, > updating apache-common should correct the vulnerability. I could be > wrong and I'm sure someone will correct me if I am. :)
You are correct. The files are /usr/bin/htpasswd and /usr/lib/apache/1.3/mod_include.so. Both are indeed in apache-common. Otherwise, the apache-perl package might be affected too. Not only apache-ssl. HTH, Lupe Christoph -- | [EMAIL PROTECTED] | http://www.lupe-christoph.de/ | | "... putting a mail server on the Internet without filtering is like | | covering yourself with barbecue sauce and breaking into the Charity | | Home for Badgers with Rabies. Michael Lucas | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]