httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <jor...@redhat.com>
Subject Re: svn commit: r218978 - in /httpd/httpd/trunk: CHANGES modules/proxy/mod_proxy_http.c
Date Tue, 19 Jul 2005 15:07:17 GMT
On Thu, Jul 14, 2005 at 07:43:35AM -0400, Jeff Trawick wrote:
> I'm so confused while trying to draw the line between
> 
> alternate RFC-compliant philosophy
> fixes for actual RFC violations
> fixes for security issues
> 
> I think CHANGES should be crystal clear on what change has a security
> implication.

I am also confused and still trying to catch up and understand these 
changes...

Bill, can you please describe *exactly* what security issues you see in 
the 2.0 proxy after the two already-committed patches (r219061).

CAN-2005-2088 MUST NOT be used to refer to anything other than specific 
issue described in the WatchFire report.  When you start bandying this 
CVE reference around with each new patch it defeats the purpose of 
having a CVE reference in the first place.  If there are wider issues in 
the proxy then they will need new CVE names assigned.

Regards,

joe

Mime
View raw message