Fix for RHSA-2004-349 already in FC2's httpd?

Joe Orton jorton at redhat.com
Wed Sep 8 22:08:49 UTC 2004


On Wed, Sep 08, 2004 at 10:38:11PM +0200, Enrico Scholz wrote:
> is the issue from http://rhn.redhat.com/errata/RHSA-2004-349.html already
> fixed in the latest FC2 httpd package (2.0.50-2.1)?  The announcement
> mentions that 2.0.50 and below are affected, the issue was reported at
> 2004-07-07 in apache's bugzilla[1], the package was built at 2004-06-29
> and the changelog does not seem to have related entries.

No, this issue will be fixed in 2.0.51, the release process for which is
already well under way: I'll issue 2.0.51 updates for Fedora when it's
done.

CAN-2004-0748 or CAN-2004-0751 (another public mod_ssl issue, which was
not fixed in the RHEL3 U3 httpd update) do not really necessitate an
httpd update in the mean time: the former means with very particular
timing you can possibly trigger CPU hogs, the latter can only be
triggered in rather uncommon configurations where you allow proxying to
a remote SSL server.

Regards,
 
joe





More information about the fedora-devel-list mailing list