Hi, I just noticed that it was missed to mention that CVE-2005-2970 has been fixed with httpd 2.0.55 (See the following entry from 2.0.55 Changelog:
*) worker MPM: Fix a memory leak which can occur after an aborted connection in some limited circumstances. [Greg Ames] ) The entry is missing in the Changelog (which cannot be changed any longer for 2.0.55, btw: does it make sense to adjust this entry such that this hint will be included in 2.0.56?) as well as on http://httpd.apache.org/security/vulnerabilities_20.html As I see that the vulnerabilities files are basicly only adjusted by one person the question for me is: Should I add it or not? Regards RĂ¼diger