Re: [CentOS] Backporting and Apache 2.0.52 is 4 1/2 years old

2009-03-22 Thread Rob Townley
On Sun, Mar 22, 2009 at 3:29 PM, Les Mikesell wrote: > Rainer Duffner wrote: >> Am 22.03.2009 um 20:40 schrieb Rob Townley: >> >>> http://httpd.apache.org/security/vulnerabilities_20.html >>> >>> states that Apache 2.0.52 is 4 years old and the latest version is >>> 2.0.68. >>> i am no longer a ht

Re: [CentOS] Backporting and Apache 2.0.52 is 4 1/2 years old

2009-03-22 Thread Lanny Marcus
On 3/22/09, Rob Townley wrote: > http://httpd.apache.org/security/vulnerabilities_20.html > states that Apache 2.0.52 is 4 years old and the latest version is 2.0.68. > i am no longer a httpd expert, but at least one of the security fixes > involves XSS attacks via malformed ftp commands. I also

Re: [CentOS] Backporting and Apache 2.0.52 is 4 1/2 years old

2009-03-22 Thread Les Mikesell
Rainer Duffner wrote: > Am 22.03.2009 um 20:40 schrieb Rob Townley: > >> http://httpd.apache.org/security/vulnerabilities_20.html >> >> states that Apache 2.0.52 is 4 years old and the latest version is >> 2.0.68. >> i am no longer a httpd expert, but at least one of the security fixes >> involv

Re: [CentOS] Backporting and Apache 2.0.52 is 4 1/2 years old

2009-03-22 Thread Rainer Duffner
Am 22.03.2009 um 20:40 schrieb Rob Townley: > http://httpd.apache.org/security/vulnerabilities_20.html > > states that Apache 2.0.52 is 4 years old and the latest version is > 2.0.68. > i am no longer a httpd expert, but at least one of the security fixes > involves XSS attacks via malformed ft

[CentOS] Backporting and Apache 2.0.52 is 4 1/2 years old

2009-03-22 Thread Rob Townley
http://httpd.apache.org/security/vulnerabilities_20.html states that Apache 2.0.52 is 4 years old and the latest version is 2.0.68. i am no longer a httpd expert, but at least one of the security fixes involves XSS attacks via malformed ftp commands. I also realize that redhat / centos may patch