a new version of apache 1.3 was released a couple of days ago; but no updated ebuild yet: http://www.securityfocus.com/bid/8226 http://www.apache.org/dist/httpd/CHANGES_1.3 I'm marking it as critical as this IS a security-update that has not been taken care of by whoever is maintaining it yet! :/
Is there something I missed or is the SECURITY stuff in the CHANGES file just for OS/2 and Win32?
Ok, found what I was looking for on http://www.apache.org/dist/httpd/Announcement.html
added.
aliz: could you please send out GLSA
from /usr/portage/net-www/apache/ChangeLog: -- 23 Jul 2003; Donny Davies <woodchip@gentoo.org> apache-1.3.28.ebuild: Security update. Will un-arch-mask after a few "it works for me" reports. -- #1: it works #2: security updates should really not have been marked as experimental, especially when I've (and probably others) been waiting for this update since tuesday.. (!!) :P
please don't close this, GLSA has to be sent out and package has to be marked stable
please someone unmask mod_ssl-2.8.15 then. the 2.8.14 still depends on th 1.3.27 apache and my emerge -uD world kept up and donwgrading apache every 2nd time I run it
this is all taken care of... the bug is fixed and people are getting the proper versions. oh, and mod_ssl-2.8.15 is unmasked....
