httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <field...@apache.org>
Subject Re: [PATCH httpd 1.2] chunk size overflow
Date Fri, 21 Jun 2002 22:06:00 GMT
> This patch should be sufficient to fix the security hole for most
> versions of Apache httpd 1.2.  Should we put it up on dist/httpd?

It turns out that this small patch is sufficient to plug the hole
on all 1.2 and 1.3.* versions up until 1.3.24 if mod_proxy is in use.
I have placed it in the relevant dist/httpd/patches directories.
It probably should have been sent to CERT along with the advisory,
or at least linked from our info file.  I'll leave that to others.

....Roy


Mime
View raw message