httpd-dev mailing list archives

From Marc Slemko
Subject Re: possible long url index fix
Date Sat, 11 Jan 1997 23:27:08 GMT
On Sat, 11 Jan 1997, Randy Terbush wrote:

> > Comments?
> This all looks fine. Portable to any system I have access to.
> BSDI, FreeBSD, NetBSD, SunOS 5.5
> My plan is to apply this and the other patch to 1.1.1 and roll a
> 1.1.2 in the next hour. Agreed?

Once 1.2 comes out, all the buffer overflows which were fixed will
become public knowledge.  That means that anyone still running
1.1.x will be vulnerable to more serious security holes than the ones
being fixed in 1.1.2.  

The amount of work to put the buffer overflow fixes into 1.1.x isn't
trivial because of the number of checks that have to be done, but it
is worth considering if more discussion is needed on what to do with
1.1.x and security.  
