[CentOS] Backporting and Apache 2.0.52 is 4 1/2 years old

Mon Mar 23 03:59:31 UTC 2009
Rob Townley <rob.townley at gmail.com>

On Sun, Mar 22, 2009 at 3:29 PM, Les Mikesell <lesmikesell at gmail.com> wrote:
> Rainer Duffner wrote:
>> Am 22.03.2009 um 20:40 schrieb Rob Townley:
>>
>>> http://httpd.apache.org/security/vulnerabilities_20.html
>>>
>>> states that Apache 2.0.52 is 4 years old and the latest version is
>>> 2.0.68.
>>> i am no longer a httpd expert, but at least one of the security fixes
>>> involves XSS attacks via malformed ftp commands.  I also realize that
>>> redhat / centos may patch things separately from Apache and that the
>>> sysadmin has  a great deal to do with how secure things are, but
>>> almost 5 years?
>>>
>>
>>
>>
>> Download the src-RPM and make a checklist which CVEs are fixed and
>> which not.
>> (It's in a changelog-file somewhere - I don't remember the details,
>> it's a while that I actually looked)
>>
>> Then, return here.
>
> Try:
>
> rpm -q --changelog httpd |less
> to see if it includes what you want to know before bothering with src rpms.

Thank You Les, that is an awesome info.

>
> --
>   Les Mikesell
>    lesmikesell at gmail.com
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>