httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@znep.com>
Subject Re: Might as well be a CERT warning.
Date Sat, 11 Jan 1997 19:32:17 GMT
Anyone tracked down the exact location of the extra long url problem?

On Sat, 11 Jan 1997, Randy Terbush wrote:

> > Randy Terbush wrote:
> > > 
> > > 
> > > Looks like we have concensus to roll a 1.1.2 release with this patch
> > > applied. Shall I?  I raise the concern about all the other overflow
> > > problems that are being addressed in 1.2. Seems this could be used
> > > as a catalist to get these people to move to 1.2 instead of a 1.1.2.
> > > 
> > > *shrug*
> > 
> > In my view, we _must_ release a 1.1.2 which addresses the problem, though
> > it doesn't have to be that patch, of course. We can't have a server in the
> > wild with a known security hole.
> > 
> > Cheers,
> > 
> > Ben.
> > 
> 
> *sigh*, But as the "Extra Long URL" email that just came in shows,
> there are a bunch of other problems.
> 
> Do we create a patched version backporting the changes that Marc Slemko
> is working on, or offer 1.2 as the fix?
> 
> 
> 


Mime
View raw message