Rainer Duffner wrote: > Am 22.03.2009 um 20:40 schrieb Rob Townley: > >> http://httpd.apache.org/security/vulnerabilities_20.html >> >> states that Apache 2.0.52 is 4 years old and the latest version is >> 2.0.68. >> i am no longer a httpd expert, but at least one of the security fixes >> involves XSS attacks via malformed ftp commands. I also realize that >> redhat / centos may patch things separately from Apache and that the >> sysadmin has a great deal to do with how secure things are, but >> almost 5 years? >> > > > > Download the src-RPM and make a checklist which CVEs are fixed and > which not. > (It's in a changelog-file somewhere - I don't remember the details, > it's a while that I actually looked) > > Then, return here. Try: rpm -q --changelog httpd |less to see if it includes what you want to know before bothering with src rpms. -- Les Mikesell lesmikesell at gmail.com