httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <rainer.j...@kippdata.de>
Subject Backport proposal for CVE-2009-3555
Date Mon, 09 Nov 2009 22:28:18 GMT
I did a first try on backporting the CVE-2009-3555 patch to 2.0:

http://people.apache.org/~rjung/patches/cve-2009-3555_httpd_2_0_x.patch

I hadn't yet time for intensive testing, but first tests looked OK.
I noticed I couldn't log the SSL_SESSION_ID, but maybe that was a
Windows thing. Hadn't yet time and access to test on Unix resp. test on
Windows without patch.

I'll be unfortunately offline for about 10 hours not responding to comments.

Regards,

Rainer


Mime
View raw message