httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe Jr." <wr...@rowe-clan.net>
Subject Re: svn commit: r113 - /release/httpd/patches/apply_to_2.0.63/CVE-2010-0425.patch
Date Tue, 09 Mar 2010 21:43:47 GMT
On 3/9/2010 2:51 PM, Joe Orton wrote:
> On Tue, Mar 09, 2010 at 02:43:08PM -0600, William Rowe wrote:
>> On 3/9/2010 11:15 AM, Jeff Trawick wrote:
>>> On Tue, Mar 9, 2010 at 11:52 AM,  <wrowe@apache.org> wrote:
>>>> Author: wrowe
>>>> Date: Tue Mar  9 11:52:32 2010
>>>> New Revision: 113
>>>>
>>>> Log:
>>>> For 2.0 patch available, note different line numbers
>>>
>>> I will continue working on the related vulnerabilities-httpd.xml
>>> update unless you've already started ;)
>>
>> Be my guest, I was just moving the single entry and see you had jumped
>> into the 2.0 security report xml.  I was just going back over source code
>> to verify the age of the flaw.
> 
> Has anybody looked into whether CVE-2010-0434 affects 2.0.x too, on the 
> subject of security and 2.0.x?  The r->headers_in table issue looks the 
> same but I didn't manage to get a test case working for 2.2.x to be able 
> to reproduce it.

Yes, but the patch is trivial.  See the next status commit.  If accepted
I'll be happy to add to apply_to_2.0.63

Mime
View raw message