tech-security: Re: Rumours about Apache 1.3.22 exploits -> analysis of so-called exploit client

Subject: Re: Rumours about Apache 1.3.22 exploits -> analysis of so-called exploit client
To: Sean Davis <dive@endersgame.net>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: tech-security
Date: 03/07/2002 20:54:25

On Thu, Mar 07, 2002 at 02:50:00PM -0500, Sean Davis wrote:
> I think the vulnerability in question is in PHP. Is the version of PHP4 in
> NetBSD pkgsrc fixed? I've disabled php in apache since I don't use it much
> anyway, but I'd feel a lot better about re-enabling it if I knew it was no
> longer an issue.

Yes, pkgsrc has been fixed by the update to 4.1.2

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
--