httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <jor...@redhat.com>
Subject Re: Segfault with fix for CVE-2009-1891
Date Mon, 03 Aug 2009 12:15:00 GMT
On Mon, Aug 03, 2009 at 01:09:35PM +0200, Ruediger Pluem wrote:
> On 08/03/2009 12:52 PM, Joe Orton wrote:
> > On Tue, Jul 28, 2009 at 07:35:25PM +0200, Stefan Fritsch wrote:
> >> I have backported r791454 to 2.2.3 in Debian 4.0 and have received a
> >> report [1] about segfaults with mod_deflate and mod_php (5.2.0). As
...
> > This sounds exactly like:
> > 
> > https://issues.apache.org/bugzilla/show_bug.cgi?id=36780
...
> Yes, but AFAIU Stefan it doesn't happen with 2.2.11 which does not
> contain this patch :-).

PR 36780 is triggered by an output filter returning an error, so, it 
doesn't seem surprising (in retrospect!) that r791454 makes it much 
easier to trigger - the core output filter will now return errors in 
very common cases (an aborted connection).

Regards, Joe

Mime
View raw message