[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apache-httpd-dev
Subject:    CVE-2005-2970 fixed in httpd 2.0.55
From:       Ruediger Pluem <rpluem () apache ! org>
Date:       2005-10-31 23:03:35
Message-ID: 4366A2C7.8090801 () apache ! org
[Download RAW message or body]

Hi,

I just noticed that it was missed to mention that CVE-2005-2970 has been fixed with \
httpd 2.0.55 (See the following entry from 2.0.55 Changelog:

  *) worker MPM: Fix a memory leak which can occur after an aborted
     connection in some limited circumstances.  [Greg Ames]

)

The entry is missing in the Changelog (which cannot be changed any longer for 2.0.55,
btw: does it make sense to adjust this entry such that this hint will be included in
2.0.56?)
as well as on http://httpd.apache.org/security/vulnerabilities_20.html
As I see that the vulnerabilities files are basicly only adjusted by one person the \
question for me is: Should I add it or not?


Regards

Rüdiger


[prev in list] [next in list] [prev in thread] [next in thread]