[CentOS] Backporting and Apache 2.0.52 is 4 1/2 years old
rob.townley at gmail.com
Mon Mar 23 04:59:31 UTC 2009
On Sun, Mar 22, 2009 at 3:29 PM, Les Mikesell <lesmikesell at gmail.com> wrote:
> Rainer Duffner wrote:
>> Am 22.03.2009 um 20:40 schrieb Rob Townley:
>>> states that Apache 2.0.52 is 4 years old and the latest version is
>>> i am no longer a httpd expert, but at least one of the security fixes
>>> involves XSS attacks via malformed ftp commands. I also realize that
>>> redhat / centos may patch things separately from Apache and that the
>>> sysadmin has a great deal to do with how secure things are, but
>>> almost 5 years?
>> Download the src-RPM and make a checklist which CVEs are fixed and
>> which not.
>> (It's in a changelog-file somewhere - I don't remember the details,
>> it's a while that I actually looked)
>> Then, return here.
> rpm -q --changelog httpd |less
> to see if it includes what you want to know before bothering with src rpms.
Thank You Les, that is an awesome info.
> Les Mikesell
> lesmikesell at gmail.com
> CentOS mailing list
> CentOS at centos.org
More information about the CentOS