httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@arctic.org>
Subject Re: [PATCH] lets do 1.2.5
Date Sun, 04 Jan 1998 22:34:06 GMT
+1. 

For folks wishing to test this, since what Marc posted isn't a patch
against 1.2.4 but rather a patch against what we've had for 1.2.5 in the
repository for a while, I've tarballed the source.  You can find it at
<http://www.arctic.org/~dgaudet/125.tar.gz>. 

Dean

On Sun, 4 Jan 1998, Marc Slemko wrote:

> NOTE: please do not redistribute the below information.  I fully
> support the concept of full disclosure, but let us get a release out
> without all sorts of rumors starting to fly before it.  Thanks.
> 
> The below patch addresses several security problems in the Apache
> code that Dean and I have found.  The below changes has been discussed
> privately with most of the primary developers.
> 
> Once we get some votes on this (the patch and the suggested process), it
> will be committed soon and a tarball rolled.  After a day or so to test,
> it will be released as early in the week as we can reasonably manage.  The
> idea is move very quickly getting this voted on, committed and the tarball
> rolled, then give a bit of time to verify things before it goes out.
> 
> I am writing a security announcement to go with it, guess I may as well
> do the 1.2.5 announcement as well.  Brian, can you please add marcs@znep.com
> to those who can post to apache-announce.  
> 
> I need a volunteer to roll the tarball when we are ready.


Mime
View raw message