On Sat, Sep 09, 2006 at 01:22:25PM +0200, Stefan Fritsch wrote: > On Saturday 09 September 2006 12:35, Lo?c Minier wrote: > > I think only apache was uploaded for CVE-2006-3918, and not > > apache2. Do you intend to issue a DSA for apache2 as well? Or > > isn't it affected by the vulnerability? > > > > This is fixed in apache2 >= 2.0.55-4.1 in unstable. > > The issue is less severe for apache2 because it is much more difficult > to exploit: apache2 will first wait for the request timeout (usually > 5 minutes) before sending the problematic error message.
I have a pending upload of Apache2 for this, but I've been unexpectantly busy. I did intend it to be a day or two after the apache update. All being well I'll get it released tomorrow. If not it will have to be midweek. Steve -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
