httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <>
Subject Re: [PATCH] lets do 1.2.5
Date Sun, 04 Jan 1998 22:34:06 GMT

For folks wishing to test this, since what Marc posted isn't a patch
against 1.2.4 but rather a patch against what we've had for 1.2.5 in the
repository for a while, I've tarballed the source.  You can find it at


On Sun, 4 Jan 1998, Marc Slemko wrote:

> NOTE: please do not redistribute the below information.  I fully
> support the concept of full disclosure, but let us get a release out
> without all sorts of rumors starting to fly before it.  Thanks.
> The below patch addresses several security problems in the Apache
> code that Dean and I have found.  The below changes has been discussed
> privately with most of the primary developers.
> Once we get some votes on this (the patch and the suggested process), it
> will be committed soon and a tarball rolled.  After a day or so to test,
> it will be released as early in the week as we can reasonably manage.  The
> idea is move very quickly getting this voted on, committed and the tarball
> rolled, then give a bit of time to verify things before it goes out.
> I am writing a security announcement to go with it, guess I may as well
> do the 1.2.5 announcement as well.  Brian, can you please add
> to those who can post to apache-announce.  
> I need a volunteer to roll the tarball when we are ready.

View raw message