httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <ra...@zyzzyva.com>
Subject Re: Might as well be a CERT warning.
Date Sat, 11 Jan 1997 18:34:39 GMT
> Randy Terbush wrote:
> > 
> > 
> > Looks like we have concensus to roll a 1.1.2 release with this patch
> > applied. Shall I?  I raise the concern about all the other overflow
> > problems that are being addressed in 1.2. Seems this could be used
> > as a catalist to get these people to move to 1.2 instead of a 1.1.2.
> > 
> > *shrug*
> 
> In my view, we _must_ release a 1.1.2 which addresses the problem, though
> it doesn't have to be that patch, of course. We can't have a server in the
> wild with a known security hole.
> 
> Cheers,
> 
> Ben.
> 

*sigh*, But as the "Extra Long URL" email that just came in shows,
there are a bunch of other problems.

Do we create a patched version backporting the changes that Marc Slemko
is working on, or offer 1.2 as the fix?




Mime
View raw message