httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <...@jaguNET.com>
Subject Re: Might as well be a CERT warning.
Date Sat, 11 Jan 1997 19:13:37 GMT
Randy Terbush wrote:
> 
> > Randy Terbush wrote:
> > > 
> > > 
> > > Looks like we have concensus to roll a 1.1.2 release with this patch
> > > applied. Shall I?  I raise the concern about all the other overflow
> > > problems that are being addressed in 1.2. Seems this could be used
> > > as a catalist to get these people to move to 1.2 instead of a 1.1.2.
> > > 
> > > *shrug*
> > 
> > In my view, we _must_ release a 1.1.2 which addresses the problem, though
> > it doesn't have to be that patch, of course. We can't have a server in the
> > wild with a known security hole.
> > 
> > Cheers,
> > 
> > Ben.
> > 
> 
> *sigh*, But as the "Extra Long URL" email that just came in shows,
> there are a bunch of other problems.
> 
> Do we create a patched version backporting the changes that Marc Slemko
> is working on, or offer 1.2 as the fix?
> 

I would like to be able to offer 1.2 as a fix, but we have no idea
when it will be out. And people will not like to go from 1.1.1 golden
to 1.2beta, no matter what.

1.1.2 fixes one specific hole. Hopefully soon we will be able to release
1.2 that fixes a slew of potential ones.

-- 
====================================================================
      Jim Jagielski            |       jaguNET Access Services
     jim@jaguNET.com           |       http://www.jaguNET.com/
                  "Not the Craw... the CRAW!"

Mime
View raw message