apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <traw...@gmail.com>
Subject Re: CVE-2009-2699 - Solaris port fix
Date Fri, 16 Oct 2009 10:52:39 GMT
On Fri, Oct 16, 2009 at 6:21 AM, Jeff Trawick <trawick@gmail.com> wrote:
> On Fri, Oct 16, 2009 at 5:43 AM, Joe Orton <jorton@redhat.com> wrote:
>> Since there is no specific reference to the fix for CVE-2009-2699 in the
>> APR change history or elsewhere, can someone (hello Jeff) confirm that
>> the patch referenced here:
>>
>>  https://issues.apache.org/bugzilla/show_bug.cgi?id=47645#c13
>>
>> is a sufficient fix for the vulnerability?
>
> https://issues.apache.org/bugzilla/attachment.cgi?id=24161 is okay for
> applying to older levels.
>

FWIW, I have a interposer library to LD_PRELOAD that I've given to a
number of people to resolve this problem.  It is available upon
request.

Mime
View raw message