On Sun, Mar 22, 2009 at 3:29 PM, Les Mikesell <lesmikesell at gmail.com> wrote:
> Rainer Duffner wrote:
>> On 22.03.2009 at 20:40, Rob Townley wrote:
>>
>>> http://httpd.apache.org/security/vulnerabilities_20.html
>>>
>>> states that Apache 2.0.52 is 4 years old and the latest version is
>>> 2.0.68.
>>> I am no longer a httpd expert, but at least one of the security fixes
>>> involves XSS attacks via malformed ftp commands. I also realize that
>>> Red Hat / CentOS may patch things separately from Apache and that the
>>> sysadmin has a great deal to do with how secure things are, but
>>> almost 5 years?
>>>
>>
>> Download the src-RPM and make a checklist of which CVEs are fixed and
>> which not.
>> (It's in a changelog-file somewhere - I don't remember the details,
>> it's been a while since I actually looked)
>>
>> Then, return here.
>
> Try:
>
> rpm -q --changelog httpd |less
> to see if it includes what you want to know before bothering with src rpms.

Thank you Les, that is awesome info.

>
> --
> Les Mikesell
> lesmikesell at gmail.com
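
Added example, not part of the original thread or written by its participants: one way to turn the `rpm -q --changelog httpd` output suggested above into the CVE checklist Rainer describes. The function names, the sample changelog and the CVE ids in it are constructed placeholders.

```shell
#!/bin/sh
# Added example: check an RPM changelog for a checklist of CVE ids.

# Read changelog text on stdin, print the CVE ids it mentions (sorted, unique).
# Changelogs of that era also use the older "CAN-" candidate prefix for the
# same ids, so it is normalised to "CVE-".
changelog_cves() {
    grep -oE '(CVE|CAN)-[0-9]{4}-[0-9]{4,}' | sed 's/^CAN-/CVE-/' | sort -u
}

# Usage: rpm -q --changelog httpd | cve_status CVE-... CVE-...
# Prints one line per requested id: "<id> listed" or "<id> not-listed".
cve_status() {
    mentioned=$(changelog_cves)
    for id in "$@"; do
        if printf '%s\n' "$mentioned" | grep -qxF -- "$id"; then
            echo "$id listed"
        else
            echo "$id not-listed"
        fi
    done
}

# Constructed changelog text in the format `rpm -q --changelog` prints.
# The packager, release and CVE ids are placeholders, not real entries.
sample_changelog() {
    cat <<'EOF'
* Mon Jan 01 2001 Example Packager <packager@example.invalid> 0.0-1.example
- add security fix for CVE-0000-0002
- add security fix for CAN-0000-0001 (old candidate-style name)

* Sun Dec 31 2000 Example Packager <packager@example.invalid> 0.0-0.example
- rebuild, no security changes
EOF
}

# Demo on the constructed sample; against a real system, pipe rpm instead.
sample_changelog | cve_status CVE-0000-0001 CVE-0000-0002 CVE-0000-0003
```

A `not-listed` result only means the changelog does not mention that id; the issue may not affect the packaged version or its build configuration, so those entries are the ones to check by hand against the upstream vulnerability page.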