Mailing List Archive: Apache: Dev

Fix for CVE-2008-2364 for httpd 2.0.64-dev

Index | Next | Previous | View Threaded

rwatkin at us

Oct 14, 2009, 3:05 PM

Post #1 of 2 (111 views)
Permalink

Fix for CVE-2008-2364 for httpd 2.0.64-dev

Is there any chance the fix for security vulnerability CVE-2008-2364 (
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364) will be back
ported to Apache 2.0.x? The reason I ask is because this particular
security vulnerability is missing from the Apache 2.0 list of security
vulnerabilities (http://httpd.apache.org/security/vulnerabilities_20.html
). Someone did however point me to following location (
http://www.apache.org/dist/httpd/patches/apply_to_2.0.63/) for an Apache
2.0.x patch.

rpluem at apache

Oct 15, 2009, 12:29 PM

Post #2 of 2 (99 views)
Permalink

Re: Fix for CVE-2008-2364 for httpd 2.0.64-dev [In reply to]

On 10/15/2009 12:05 AM, Ryan Watkins wrote:
> Is there any chance the fix for security vulnerability CVE-2008-2364 (
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364) will be back
> ported to Apache 2.0.x? The reason I ask is because this particular
> security vulnerability is missing from the Apache 2.0 list of security
> vulnerabilities (http://httpd.apache.org/security/vulnerabilities_20.html
> ). Someone did however point me to following location (
> http://www.apache.org/dist/httpd/patches/apply_to_2.0.63/) for an Apache
> 2.0.x patch.
>

IMHO a 2.0.64 will not happen any time soon and there is already a backport
for this issue at http://www.apache.org/dist/httpd/patches/apply_to_2.0.63/
as you say correctly. So you would need to apply this patch by yourself and
then compile 2.0.63.

Regards

Rüdiger

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com