httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <...@jaguNET.com>
Subject Re: Next update on CVE-2011-3192
Date Thu, 25 Aug 2011 12:13:04 GMT
I have a feeling that we could push this out today…

I'm going to fold Stefan's path into trunk, and we should use
trunk (CTR) to polish up the patch as well as add whatever
other features we need. From there, backporting to 2.2/2.0
will be trivial.

On Aug 25, 2011, at 4:18 AM, Dirk-Willem van Gulik wrote:

> I am keeping a draft at
> 
> 	http://people.apache.org/~dirkx/CVE-2011-3192.txt
> 
> Changes since last are:
> 
> -	version ranges more specific
> -	vendor information added
> -	backgrounder on relation to 2007 issues (see below to ensure I got this right).
> 
> I suggest we sent this out late Z time today (i.e. end of working day US) _if_ 1) it
is likely that we do not have a firm timeline for the full fix and 2) we have a bit more to
add. Otherwise we skip to a final update with the fixing instructions for 2.0 and 2.2
> 
> Feedback welcome,
> 
> Thanks,
> 
> Dw.


Mime
View raw message