I'm not sure if anyone ever inherited or merged the original Apache
mod_ssl bug list from engelschall.com - or less likely, still cares -
but if so, the vulnerability & proposed fix given as BugDB-PR#580
[14-Jun-2001] can be closed as a duplicate of CVE-2005-2700.

Yes, OK, I've been out of touch for a while ... only just came across
this again.

__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org