----- "Matus UHLAR - fantomas" <uh...@fantomas.sk> wrote:
> On 19.10.10 11:27, William A. Rowe Jr. wrote:
> > Subject: [announce] Apache HTTP Server 2.2.17 and 2.0.64 Released
>
> > The Apache Software Foundation and the Apache HTTP Server Project
> are
> > pleased to announce the release of version 2.2.17 of the Apache
> HTTP
> > Server ("Apache"). This version of Apache is principally a bug
> fix
> > release, and a security fix release of the APR-util 1.3.10
> dependency;
> >
> > * SECURITY: CVE-2010-1623 (cve.mitre.org)
> > Fix a denial of service attack against
> apr_brigade_split_line().
> >
> > * SECURITY: CVE-2009-3560, CVE-2009-3720 (cve.mitre.org)
> > Fix two buffer over-read flaws in the bundled copy of expat
> which
> > could cause httpd to crash while parsing specially-crafted
> > XML documents.
>
> does this mean that if I have apache compiled with external
> apr-util-1.3.10 and external expat, I am safe?
Unless that external expat is the same version as the bundled copy.
--
Igor Galić
Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
