Date: Thu, 19 Apr 2001 14:34:26 -0400
From: zvz <zvz@FREENET.NETHER.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: OpenBSD 2.8patched Apache vuln!
Looks like we have patched versions of 2.8,
but on the mainstream of it (cvs),
the included apache version (usr.sbin/httpd) IS VULN
to the following bug:
http://www.securityfocus.com/vdb/bottom.html?vid=2503
Just GO and get the latest version of Apache, nomatter (I assume)
what OpenBSD ver you have, at least on the ones it is included by
default.
Just got confirmed on the tech@openbsd.org, thath only the CURRENT
is PATCHED(updated to 1.3.19).
Sure, I see that the OpenBSD is the best in terms of security, I
understand, that they are maybe short on people, I know that they work
for free, but still,
maybe the patch policy in not one of the best of it.
Regards
Zvz
