From the Announcement on modssl-users: * From: Ralf S. Engelschall * Subject: [ANNOUNCE] mod_ssl 2.8.19 for Apache 1.3.31 * Date: Fri, 16 Jul 2004 13:45:46 -0700 We've today found an ssl_log() related format string vulnerability in the mod_proxy hook functions of mod_ssl for Apache 1.3.x (mod_ssl for Apache 2.x is not affected). A mod_ssl 2.8.19 for Apache 1.3.31 was created which fixes this potential security hole. Get mod_ssl-2.8.19-1.3.31.tar.gz from: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall _________________ Additional patches for non security related formatting bugs were posted in http://www.mail-archive.com/modssl-users@modssl.org/msg16855.html Reproducible: Always Steps to Reproduce:
In cvs, already marked stable for x86 and sparc.
ppc, hppa, mips : please mark net-www/mod_ssl-2.8.19 stable.
Marked ppc
GLSA 200407-18
stable on mips.