Full Disclosure mailing list archives
Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released
From: "William A. Rowe, Jr." <wrowe () rowe-clan net>
Date: Thu, 03 Aug 2006 04:58:18 -0500
Philip M. Gollucci wrote:
William A. Rowe, Jr. wrote:Apache HTTP Server 2.2.3 Released
...
CVE-2006-3747: An off-by-one flaw exists in the Rewrite module, mod_rewrite, as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0.Is a release in the 2.0.x (2.0.59) soon to follow ?
If you continued reading a few para's down...
Apache HTTP Server 1.3.37 and 2.0.59 legacy releases are also available with this security fix. See the appropriate CHANGES from the url above. The Apache HTTP Project developers strongly encourage all users to migrate to Apache 2.2, as only limited maintenance is performed on these legacy versions.
We don't expect to be publishing simultaneous spam for the old flavors every time we release the main version; essentially it propagates the idea that the 1.3 / 2.0 branches are actively developed and maintained. We will likely fix security flaws as they come up, but most of the time a single announcement suffices. (Oh, and check out the subject line too :) Bill _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released Philip M. Gollucci (Aug 03)
- Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released William A. Rowe, Jr. (Aug 03)
- Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released Steve VanDevender (Aug 03)