Wasn't the fix in 0.9.6e and later? The latest rpm available is b. Is there no sense of urgency from Redhat?
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jiann-Ming Su Sent: Tuesday, September 17, 2002 4:19 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: New CERT Advisory on Apache/mod_ssl? I think the latest openssl from (0.9.6b-28) was releaseed at the end of July. I've done regular up2dates on a weekly basis. I'm not sure that I restarted httpd immediately after updating, but the last time it was restarted was Aug 21. The datestamp on the .bugtraq.c file is Sep 14 13:05. It looks like they dumped an uuencoded version (.uubugtraq) and somehow uudecoded it. Again, I don't think it was compiled. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list