From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 15263 invoked by alias); 27 Feb 2004 03:11:05 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 15217 invoked from network); 27 Feb 2004 03:11:04 -0000 Received: from unknown (HELO dessent.net) (66.227.14.169) by sources.redhat.com with SMTP; 27 Feb 2004 03:11:04 -0000 Received: from localhost ([127.0.0.1] helo=dessent.net) by dessent.net with esmtp (Exim 4.30) id 1AwYSa-0006e7-41 for cygwin@cygwin.com; Fri, 27 Feb 2004 03:14:44 +0000 Message-ID: <403EB543.4C494E15@dessent.net> Date: Fri, 27 Feb 2004 05:43:00 -0000 From: Brian Dessent Organization: My own little world... MIME-Version: 1.0 To: cygwin@cygwin.com Subject: Re: What happened to mod_php References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-IsSubscribed: yes Reply-To: cygwin@cygwin.com X-SW-Source: 2004-02/txt/msg01357.txt.bz2 Igor Pechtchanski wrote: > now. Both apache and mod_php4 were suffering from multiple > vulnerabilities due to being linked to the old ssl libraries. The > maintainer was rather busy and couldn't update them in a timely manner, so Actually IIRC the vulnerability was part of the core Apache, and had something to do with "..\" being able to traverse paths due to the fact that '\' is not a pathname seperator in unix. But yes, new mod_php packages should be posted soon to go with the fixed 1.3.29 Apache. Brian -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/