httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Fritsch ...@sfritsch.de>
Subject Re: CVE-2011-3192 - NeXT update ?
Date Thu, 25 Aug 2011 23:15:18 GMT
On Thursday 25 August 2011, Stefan Fritsch wrote:
> On Thursday 25 August 2011, Dirk-WIllem van Gulik wrote:
> > Folks,
> > 
> > What is wisdom? We have an updated version at
> > people.apache.org/CVE-2011-3192.txt.
> > 
> > i'd say, let's send this of day if we expect the full patch to
> > take another 24+ hours. As there is a need for the i proved
> > mitigations
> > 
> >  And otherwise skip it and go to final ASAP?
> > 
> > What is your take ?
> 
> There are still plenty of bugs in the new code, so I am not
> confident that it will be ready within 24 hours.

Looks better now. But I would be even more comfortable if there was a 
test for the apr_bucket_read() parts. Does anybody have an idea how to 
test that?

In any case, I won't continue on this until tomorrow.

Mime
View raw message