httpd-dev mailing list archives

From "Roy T. Fielding"
Subject Re: [PATCH httpd 1.2] chunk size overflow
Date Fri, 21 Jun 2002 22:06:00 GMT
> This patch should be sufficient to fix the security hole for most
> versions of Apache httpd 1.2.  Should we put it up on dist/httpd?

It turns out that this small patch is sufficient to plug the hole
on all 1.2 and 1.3.* versions up until 1.3.24 if mod_proxy is in use.
I have placed it in the relevant dist/httpd/patches directories.
It probably should have been sent to CERT along with the advisory,
or at least linked from our info file.  I'll leave that to others.

