Thank you. > drsystems at globalcerts.net writes: >> Hello, >> >> I am working on a CentOS Linux 2.6.32-71.el6.x86_64 system. >> I noticed that the system came with httpd-2.2.15-6 installed. >> After I run 'yum update' I get httpd-2.2.15-9. >> >> I did some research on the Internet, but can't find the following >> information: are most of the security fixes that appear in httpd-2.2.21 >> applied to the update on httpd-2.2.15-9? >> >> There was a security fix just last August, the CVE-2011-3192 on Range >> and >> DoS. I don't imagine that this is in the 2.2.15-9. Do you have plans to >> provide this patch in the repository so that 'yum update httpd*' would >> get >> this patch? > > $ cd $REPO > $ rpm -qp --changelog httpd-2.2.15-9.el6.centos.3.x86_64.rpm > * Fri Oct 21 2011 Karanbir Singh <kbsingh at centos.org> - > 2.2.15-9.3.el6.centos > - Roll in CentOS Branding > > * Thu Oct 06 2011 Joe Orton <jorton at redhat.com> - 2.2.15-9.3 > - add security fixes for CVE-2011-3347, CVE-2011-3368 (#743901) > - fix regressions in CVE-2011-3192 patch (#736592) > > * Tue Aug 30 2011 Joe Orton <jorton at redhat.com> - 2.2.15-9.2, > - updated patch for CVE-2011-3192 from upstream (#733062) > > * Fri Aug 26 2011 Jan Kaluza <jkaluza at redhat.com> - 2.2.15-9.1 > - fix #733062 - backported CVE-2011-3192 fix from httpd trunk > > * Fri Apr 08 2011 Joe Orton <jorton at redhat.com> - 2.2.15-9 > - mod_ssl: complete fix for overlapping memcpy (#652335) > ... > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >