Fedora Legacy Test Update Notification: apache
Charles R. Anderson
cra at WPI.EDU
Thu Sep 30 14:11:01 UTC 2004
On Thu, Sep 30, 2004 at 10:07:34AM -0400, Charles R. Anderson wrote:
> On Thu, Sep 30, 2004 at 06:49:31AM -0500, Simon Weller wrote:
> > On Thursday 30 September 2004 06:06 am, Tobias Sager wrote:
> > > I always get a "BAD signature" from you (I am using Thunderbird).
> > > Can anyone confirm this as well?
> > I'm also getting a bad sig from Marc in Kmail (kde 3.3).
>
> Me too. Mutt/gnupg.
>
> Is it caused by the bad line-wrapping in the message?
Verified. These two lines, when unwrapped, allows the signature to be
correctly verified:
--- msg.orig Thu Sep 30 10:09:33 2004
+++ msg.fixed Thu Sep 30 10:08:24 2004
@@ -22,11 +22,9 @@
A buffer overflow was found in the Apache proxy module, mod_proxy, which
can be triggered by receiving an invalid Content-Length header. In order
to exploit this issue, an attacker would need an Apache installation
-that was configured as a proxy to connect to a malicious site. This
-would
+that was configured as a proxy to connect to a malicious site. This would
cause the Apache child processing the request to crash. The Common
-Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
-name
+Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0492 to this issue.
More information about the fedora-legacy-list
mailing list