Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <403EB543.4C494E15@dessent.net>
Date: Thu, 26 Feb 2004 19:10:59 -0800
From: Brian Dessent <brian AT dessent DOT net>
Organization: My own little world...
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: What happened to mod_php
References: <c1mab6$f2l$1 AT sea DOT gmane DOT org> <Pine DOT GSO DOT 4 DOT 56 DOT 0402262152290 DOT 23353 AT slinky DOT cs DOT nyu DOT edu>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes
Reply-To: cygwin AT cygwin DOT com

Igor Pechtchanski wrote:

> now.  Both apache and mod_php4 were suffering from multiple
> vulnerabilities due to being linked to the old ssl libraries.  The
> maintainer was rather busy and couldn't update them in a timely manner, so

Actually IIRC the vulnerability was part of the core Apache, and had
something to do with "..\" being able to traverse paths due to the fact
that '\' is not a pathname seperator in unix.

But yes, new mod_php packages should be posted soon to go with the fixed
1.3.29 Apache.

Brian

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/