Christian Hammers wrote: > On Sat, Jun 22, 2002 at 11:50:10PM -0700, Jamie Heilman wrote: > > its not just mod_proxy, apache was vulnerable regardless > BTW: in the case that mod_proxy is not loaded: is it enough to just > backport the get_chunk_size function from http_protocol.c (like in the > file debian/patches/cert_vucert944335) to earlier versions to fix the > vulnerability or is there more?
I would say yes, in the case where mod_proxy isn't loaded. -- Jamie Heilman http://audible.transient.net/~jamie/ "...thats the metaphorical equivalent of flopping your wedding tackle into a lion's mouth and flicking his lovespuds with a wet towel, pure insanity..." -Rimmer -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]