Posted to dev@httpd.apache.org by "Philip M. Gollucci" <pg...@p6m7g8.com> on 2006/08/03 11:05:21 UTC
Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released
William A. Rowe, Jr. wrote:
> Apache HTTP Server 2.2.3 Released
>
> The Apache Software Foundation and The Apache HTTP Server Project are
> pleased to announce the release of version 2.2.3 of the Apache HTTP Server
> ("Apache").
>
> This version of Apache is principally a bug and security fix release. The
> following potential security flaws are addressed;
>
> CVE-2006-3747: An off-by-one flaw exists in the Rewrite module,
> mod_rewrite, as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46,
> and 2.2 since 2.2.0.
Is a release in the 2.0.x (2.0.59) soon to follow ?
--
------------------------------------------------------------------------
Philip M. Gollucci (pgollucci@p6m7g8.com) 323.219.4708
Consultant / http://p6m7g8.net/Resume/resume.shtml
Senior Software Engineer - TicketMaster - http://ticketmaster.com
1024D/A79997FA F357 0FDD 2301 6296 690F 6A47 D55A 7172 A799 97F
"In all that I've done wrong I know I must have done something right to
deserve a hug every morning and butterfly kisses at night."
Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released
Posted by Steffen <in...@apachelounge.com>.
On httpd.apache.org is at 2.059:
The Apache HTTP Server Project is *proud* to announce the legacy...
At 1.3.37
The Apache Group is *pleased* to announce the legacy...
Is the project still proud to announce 2.0.x ?
Steffen
----- Original Message -----
From: "William A. Rowe, Jr." <wr...@rowe-clan.net>
To: <de...@httpd.apache.org>
Cc: <bu...@securityfocus.com>; <fu...@lists.grok.org.uk>
Sent: Thursday, August 03, 2006 11:58
Subject: Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37)
Released
> Philip M. Gollucci wrote:
>> William A. Rowe, Jr. wrote:
>>> Apache HTTP Server 2.2.3 Released
> ...
>>> CVE-2006-3747: An off-by-one flaw exists in the Rewrite module,
>>> mod_rewrite, as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46,
>>> and 2.2 since 2.2.0.
>> Is a release in the 2.0.x (2.0.59) soon to follow ?
>
> If you continued reading a few para's down...
>
>> Apache HTTP Server 1.3.37 and 2.0.59 legacy releases are also available
>> with this security fix. See the appropriate CHANGES from the url above.
>> The Apache HTTP Project developers strongly encourage all users to
>> migrate to Apache 2.2, as only limited maintenance is performed on these
>> legacy versions.
>
> We don't expect to be publishing simultaneous spam for the old flavors every
> time we release the main version; essentially it propagates the idea that the
> 1.3 / 2.0 branches are actively developed and maintained. We will likely fix
> security flaws as they come up, but most of the time a single announcement
> suffices. (Oh, and check out the subject line too :)
>
> Bill
>
Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
Philip M. Gollucci wrote:
> William A. Rowe, Jr. wrote:
>> Apache HTTP Server 2.2.3 Released
...
>> CVE-2006-3747: An off-by-one flaw exists in the Rewrite module,
>> mod_rewrite, as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46,
>> and 2.2 since 2.2.0.
> Is a release in the 2.0.x (2.0.59) soon to follow ?
If you continued reading a few para's down...
> Apache HTTP Server 1.3.37 and 2.0.59 legacy releases are also available
> with this security fix. See the appropriate CHANGES from the url above.
> The Apache HTTP Project developers strongly encourage all users to
> migrate to Apache 2.2, as only limited maintenance is performed on these
> legacy versions.
We don't expect to be publishing simultaneous spam for the old flavors every
time we release the main version; essentially it propagates the idea that the
1.3 / 2.0 branches are actively developed and maintained. We will likely fix
security flaws as they come up, but most of the time a single announcement
suffices. (Oh, and check out the subject line too :)
Bill
Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
Philip M. Gollucci wrote:
> Steve VanDevender wrote:
>> Philip M. Gollucci writes:
>> > William A. Rowe, Jr. wrote:
>> > > Apache HTTP Server 2.2.3 Released
>> > >
>> > > The Apache Software Foundation and The Apache HTTP Server Project are
>> > > pleased to announce the release of version 2.2.3 of the Apache HTTP Server
>> > > ("Apache").
>> > >
>> > > This version of Apache is principally a bug and security fix release. The
>> > > following potential security flaws are addressed;
>> > >
>> > > CVE-2006-3747: An off-by-one flaw exists in the Rewrite module,
>> > > mod_rewrite, as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46,
>> > > and 2.2 since 2.2.0.
>> > Is a release in the 2.0.x (2.0.59) soon to follow ?
>>
>> Both 2.0.59 and 1.3.37 have been out for at least a couple of days now,
>> both including the mod_rewrite fix.
> Where did the announcement go ?
> I'm on pretty much *@*.apache.org
>
> did I miss and delete them by accident ?
We do *not* email three announcement messages anymore. See the body of
the message which indicates 2.0.59 and 1.3.37 were released as well.
(I thought I just answered that question for you?)
This *one announcement message* was sent (as your reply-all indicated)
to bugtraq, full-disclosure, dev@httpd, announce@httpd, and announce@a.o.
Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released
Posted by "Philip M. Gollucci" <pg...@p6m7g8.com>.
Steve VanDevender wrote:
> Philip M. Gollucci writes:
> > William A. Rowe, Jr. wrote:
> > > Apache HTTP Server 2.2.3 Released
> > >
> > > The Apache Software Foundation and The Apache HTTP Server Project are
> > > pleased to announce the release of version 2.2.3 of the Apache HTTP Server
> > > ("Apache").
> > >
> > > This version of Apache is principally a bug and security fix release. The
> > > following potential security flaws are addressed;
> > >
> > > CVE-2006-3747: An off-by-one flaw exists in the Rewrite module,
> > > mod_rewrite, as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46,
> > > and 2.2 since 2.2.0.
> > Is a release in the 2.0.x (2.0.59) soon to follow ?
>
> Both 2.0.59 and 1.3.37 have been out for at least a couple of days now,
> both including the mod_rewrite fix.
Where did the announcement go ?
I'm on pretty much *@*.apache.org
did I miss and delete them by accident ?
--
------------------------------------------------------------------------
Philip M. Gollucci (pgollucci@p6m7g8.com) 323.219.4708
Consultant / http://p6m7g8.net/Resume/resume.shtml
Senior Software Engineer - TicketMaster - http://ticketmaster.com
1024D/A79997FA F357 0FDD 2301 6296 690F 6A47 D55A 7172 A799 97F
"It takes a minute to have a crush on someone, an hour to like someone,
and a day to love someone, but it takes a lifetime to forget someone..."