On Mon, Mar 08, 2004 at 02:47:10PM -0800, Andy Cutright wrote:
> apacheweek has announced a vulnerability:
>
> http://www.apacheweek.com/features/security-20
>
> the bugzilla problem report indicates this diff fixes the problem:
>
> http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_io.c?r1=1.117&r2=1.118
>
> recent email on the dev list includes -two- diffs under the PR report:
...
> can someone please tell me if i need both of the patches or only one? if
> i need both patches, is the bugzilla report wrong? my source code base
> is the 2.0.48 release.

Use both the patches or just fetch the backported patch which includes both
changes:

http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_io.c?r1=1.100.2.11&r2=1.100.2.12

joe