Igor Pechtchanski wrote: > now. Both apache and mod_php4 were suffering from multiple > vulnerabilities due to being linked to the old ssl libraries. The > maintainer was rather busy and couldn't update them in a timely manner, so
Actually IIRC the vulnerability was part of the core Apache, and had something to do with "..\" being able to traverse paths due to the fact that '\' is not a pathname seperator in unix. But yes, new mod_php packages should be posted soon to go with the fixed 1.3.29 Apache. Brian -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
