[nycbug-talk] Apache Vuln, mod_rewrite

Isaac Levy ike at lesmuug.org
Wed Aug 2 13:55:04 EDT 2006

Hi All,

On Aug 2, 2006, at 1:06 PM, Okan Demirmen wrote:

> I couldn't tell you why it has not gotten a lot of attention.

Yeah.  Hrmph.
I'm a bit dissappointed in the way Apache is being run here,  
especially in the context of the scale of it's use.  With 2.2  
(ohboy), I'm starting to become slowly convinced there's plenty of  
room for other serious http contenders (not just based on licensing  
issues), though I still love and rely on Apache for many  
applications...  I'm sure a lot of us do.

On Aug 2, 2006, at 1:11 PM, Jeff Quast wrote:
> I just wanted to clarify the statement "today this hit undeadly". I
> don't want somebody taking this the wrong way and thinking undeadly
> was hacked!!

My bad, correction:
today this *news* hit undeadly (more like, today I noticed it on  

Regarding the *BSD response:

On Aug 2, 2006, at 1:11 PM, Jeff Quast wrote:
> OpenBSD announced the patch on Sunday
> http://www.openbsd.org/errata.html , with the modification time of the
> 28th as well.

On Aug 2, 2006, at 1:19 PM, Dan Langille wrote:
> The FreeBDS ports tree was patched (at least for www/apache13) on the
> 27th:
>   http://www.freshports.org/www/apache13/
> Something was added to security/vuxml about this on the 28th:
>   http://www.freshports.org/security/vuxml/
>   http://www.vuxml.org/freebsd/dc8c08c7-1e7c-11db-88cf-
> 000c6ec775d9.html  (or http://tinyurl.com/jwa97)

It's great to see that various maintainers in the *BSD world are on  
top of this :)


More information about the talk mailing list