Apache 1.3.26 and 2.0.39 Released

cliffwoolley writes "The Apache Software Foundation has released new versions of both Apache 1.3 and 2.0. These versions are both security and bug-fix releases. They address and fix the issues noted in CAN-2002-0392 [CERT VU#944335] regarding a vulnerability in the handling of chunked transfer encoding. You can download the new releases here." This of course is for the exploit that we reported yesterday. It is hard to complain about a 24-hour response time for a bug.

Re:Complaints Timescale

[4of12]

just type it in a search engine...

What are you asking, man! I'd have to learn how to read, write and think to do that.

Can't I just get a warm fuzzy feeling by buying a large support agreement from Microsoft?

Besides, I'll be among a large herd of IIS users - who could possibly know and want to `sploit me with Code Red?

Most buyers at my site are using fradulent credit card numbers anyway, so if the database gets owned it's not all that big a deal.

Not up to industry standards

[return+42]

Geez, how unprofessional. They knew about the vuln, they were working on it, then someone stupidly spilled the beans and they had to pull an all-nighter so their users wouldn't be exposed any longer than necessary.

Anyone knows that a real, professional company would sit on the vuln report for a few weeks, until the finder got fed up and went public with it, then they'd complain about irresponsible disclosure and take two weeks to release a fix.