On Wed, 2002-06-19 at 13:39, NANTENAINA Tianarivo ulrich wrote: > Hi folk, > > We have some machine with testing and the version of the Apache on those > servers is 1.3.24-3. I would like to know if this version of apache > debian is also vulnerable. I've checked the announcement sent about the > patch but didn't find inside the patch for this version. As the advisory > said that Apache version 1.3.24 is still vulnerable, it worried me.
I believe it is. If you use 32 bit machines you are 'only' vulnerable to a DoS attack, not a real compromise of your servers. > What should I do? I have decided to wait a while to give the maintainers a fair chance to make the packages. Beware that if the maintainers are US-based they will work while you and I are sleeping, so you might not see the updated packages in unstable before tomorrow. -- René Seindal ([EMAIL PROTECTED]) http://www.seindal.dk/rene/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]