On Thu, May 27, 2004 at 15:21:37 +0200, Ralf S. Engelschall wrote: > Changes with mod_ssl 2.8.18 (11-May-2004 to 27-May-2004) > > *) Fix buffer overflow in "SSLOptions +FakeBasicAuth" implementation > if the Subject-DN in the client certificate exceeds 6KB in length. > (CVE CAN-2004-0488). >
Is that also an issue in apache-2.x? (I wasn't able to find that CVE, so I ask here ;-) Best regards Udo -- Udo Schweigert, Siemens AG | Voice : +49 89 636 42170 CT IC CERT, Siemens CERT | Fax : +49 89 636 41166 D-81730 M�nchen / Germany | email : [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
