[users@httpd] Patch for Apache 2.0.54 Request Smuggling Vulnerability

[Lucas Brasilino <br...@prrr.mpf.gov.br>]

Hi!

I've been looking around to find the patch
to apache 2.0.54 which corrects the
vulnerability pointed out by SecurityFocus at:

http://www.securityfocus.com/bid/14106

It says that this patch is available at SVN
repository... but I didn't find it.

Where can I get it?

Thanks in advance.
-- 
[]'s

Lucas Brasilino
brasilino@prrr.mpf.gov.br
Procuradoria da República no Estado de Roraima
+55-95-6239642
LPIC-1 Certified


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Patch for Apache 2.0.54 Request Smuggling Vulnerability

[Aman Raheja <ar...@techquotes.com>]

Do we expect a public availability of 2.0.55 on apache's website which 
has the bug fix for http://www.securityfocus.com/bid/14106
SecurityFocus says it is available in svn repository but all I find, 
updated 2 hours back is that the vulnerability has been assigned a CAN 
(http://svn.apache.org/viewcvs.cgi/httpd/httpd/trunk/)

Any pointers?
Thanks
- Aman Raheja

Aman Raheja wrote:

> I was looking the other day - I think 2 days back and did not see it 
> either.
> Moreover this changelog talks about apache 2.0.55, with some security 
> fix and some more stuff, but 2.0.55 is not yet released, though it 
> does not list to be addressing the security issues Lucas has pointed out.
> http://www.apache.org/dist/httpd/CHANGES_2.1
> what's with that?
> Thanks
> - Aman Raheja
>
> Lucas Brasilino wrote:
>
>> Hi!
>>
>> I've been looking around to find the patch
>> to apache 2.0.54 which corrects the
>> vulnerability pointed out by SecurityFocus at:
>>
>> http://www.securityfocus.com/bid/14106
>>
>> It says that this patch is available at SVN
>> repository... but I didn't find it.
>>
>> Where can I get it?
>>
>> Thanks in advance.
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server 
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Patch for Apache 2.0.54 Request Smuggling Vulnerability

[Aman Raheja <ar...@techquotes.com>]

I was looking the other day - I think 2 days back and did not see it either.
Moreover this changelog talks about apache 2.0.55, with some security 
fix and some more stuff, but 2.0.55 is not yet released, though it does 
not list to be addressing the security issues Lucas has pointed out.
http://www.apache.org/dist/httpd/CHANGES_2.1
what's with that?
Thanks
- Aman Raheja

Lucas Brasilino wrote:

> Hi!
>
> I've been looking around to find the patch
> to apache 2.0.54 which corrects the
> vulnerability pointed out by SecurityFocus at:
>
> http://www.securityfocus.com/bid/14106
>
> It says that this patch is available at SVN
> repository... but I didn't find it.
>
> Where can I get it?
>
> Thanks in advance.



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org