httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <jor...@redhat.com>
Subject Re: svn commit: r556298 - in /httpd/httpd/branches/2.0.x: CHANGES STATUS server/mpm_common.c
Date Thu, 19 Jul 2007 13:55:27 GMT
On Thu, Jul 19, 2007 at 09:06:39AM -0400, Jeff Trawick wrote:
> On 7/19/07, Joe Orton <jorton@redhat.com> wrote:
> >On Thu, Jul 19, 2007 at 08:30:37AM -0400, Jeff Trawick wrote:
> >> assert(
> >> CVE-2007-3304 does not apply to 2.0.x.  This commit is a fix in the
> >> same general area as the 2.2.x vulnerability and should not have the
> >> SECURITY/CVE label.
> >> )
> >
> >I erroneously claimed that originally, then later found an attack vector
> >for -3304 which did work for 2.0.x:
> >
> >http://mail-archives.apache.org/mod_mbox/httpd-dev/200706.mbox/%3c20070629141032.GA15192@redhat.com%3e
> >
> >The wording above is not really appropriate for CHANGES, I've just fixed
> >that.
> 
> thanks for the big clues; any need to fix mitre.org text?

Ah, I didn't realise they had the versions referenced.  I've send them a 
note.

joe

Mime
View raw message