On Mon, Jul 26, 2004 at 11:15:02 +0100, Chris Morris wrote: > DSA-532 contained: > >Package : libapache-mod-ssl
> >CVE Ids : CAN-2004-0488 CAN-2004-0700 > > Is apache-ssl also vulnerable to these? In all likeliness, no. See http://www.apache-ssl.org/#mod_ssl . The apache-ssl source does not appear to contain the vulnerable "ssl_util_uuencode_binary" function (CAN-2004-0488) nor the vulnerable "ssl_log" function (CAN-2004-0700), and none of the advisories for these issues hints at problems with apache-ssl. HTH, Ray -- RUMOUR Believe all you hear. Your world may not be a better one than the one the blocks live in but it'll be a sight more vivid. - The Hipcrime Vocab by Chad C. Mulligan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
