hi all, apacheweek has announced a vulnerability:
http://www.apacheweek.com/features/security-20 the bugzilla problem report indicates this diff fixes the problem: http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_io.c? r1=1.117&r2=1.118 recent email on the dev list includes -two- diffs under the PR report: * mod_ssl: Fix nasty memory leak for each plain-HTTP-on-SSL-port request. PR: 27106 http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_io.c? r1=1.117&r2=1.118 http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_io.c? r1=1.120&r2=1.121 can someone please tell me if i need both of the patches or only one? if i need both patches, is the bugzilla report wrong? my source code base is the 2.0.48 release. cheers, andy