thanks, andy
> -----Original Message----- > From: Joe Orton [mailto:[EMAIL PROTECTED] > Sent: Tuesday, March 09, 2004 6:14 AM > To: Andy Cutright > Cc: [EMAIL PROTECTED] > Subject: Re: mod_ssl fix for PR# 27106 > > On Mon, Mar 08, 2004 at 02:47:10PM -0800, Andy Cutright wrote: > > apacheweek has announced a vulnerability: > > > > http://www.apacheweek.com/features/security-20 > > > > the bugzilla problem report indicates this diff fixes the problem: > > > > > http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_en > gine_io.c? > > r1=1.117&r2=1.118 > > > > recent email on the dev list includes -two- diffs under the > PR report: > ... > > can someone please tell me if i need both of the patches or > only one? if > > i need both patches, is the bugzilla report wrong? my > source code base > > is the 2.0.48 release. > > Use both the patches or just fetch the backported patch which includes > both changes: > > http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_en > gine_io.c?r1=1.100.2.11&r2=1.100.2.12 > > joe >