httpd-dev mailing list archives

From Dirk-Willem van Gulik <di...@webweaving.org>
Subject Next update
Date Fri, 26 Aug 2011 08:47:24 GMT
Folks - as we're not quite there yet - I want to send out an updated advisory at 11:00 UTC.
We have enough new information and extra mitigations. Will post the draft(s) to security@
this time.

Secondly - I got the below updates to the regexes; to optimise the pcre expressions and remove
the exhaustive match:

from
           SetEnvIf Range (,.*?){5,} bad-range=1
to
           SetEnvIf Range (?:,.*?){5,} bad-range=1

from:
           RewriteCond %{HTTP:range} !(^bytes=[^,]+(,[^,]+){0,4}$|^$)
to:
           RewriteCond %{HTTP:range} !(?:^bytes=[^,]+(?:,[^,]+){0,4}$|^$)

Please pipe up if you see issues with those,

Thanks

Dw.

PS: Committers - if you are not subscribed to security@ - now is a good time :)
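
Added example, not part of the original message: a Python check that each rewritten expression makes the same match decision as the one it replaces, over constructed Range header values. It assumes Python's `re` evaluates these particular patterns the way PCRE does, and models both directives as unanchored searches; the function names are hypothetical.

```python
import re

# The four expressions exactly as quoted in the message above.
SETENVIF_OLD = r"(,.*?){5,}"
SETENVIF_NEW = r"(?:,.*?){5,}"
REWRITE_OLD = r"(^bytes=[^,]+(,[^,]+){0,4}$|^$)"
REWRITE_NEW = r"(?:^bytes=[^,]+(?:,[^,]+){0,4}$|^$)"

# Constructed Range header values (not taken from the message).
SAMPLES = [
    "",                                            # header absent or empty
    "bytes=0-499",                                 # single range
    "bytes=0-99,200-299,400-499,600-699,800-899",  # 5 ranges, 4 commas
    "bytes=0-1,2-3,4-5,6-7,8-9,10-11",             # 6 ranges, 5 commas
    "bytes=" + ",".join(f"{i}-{i+1}" for i in range(0, 200, 2)),  # 100 ranges
    "bytes=0-,,,,,",                               # empty range specs
    "items=0-10",                                  # unit other than bytes
]

def setenvif_flags(pattern, value):
    """SetEnvIf sets bad-range=1 when the regex matches anywhere in the value."""
    return re.search(pattern, value) is not None

def rewrite_fires(pattern, value):
    """A RewriteCond pattern prefixed with '!' is true when the regex does NOT match."""
    return re.search(pattern, value) is None

def compare(samples=SAMPLES):
    """Return (value, setenvif_old, setenvif_new, rewrite_old, rewrite_new) per sample."""
    return [
        (v,
         setenvif_flags(SETENVIF_OLD, v), setenvif_flags(SETENVIF_NEW, v),
         rewrite_fires(REWRITE_OLD, v), rewrite_fires(REWRITE_NEW, v))
        for v in samples
    ]

if __name__ == "__main__":
    for value, s_old, s_new, r_old, r_new in compare():
        status = "same" if (s_old == s_new and r_old == r_new) else "DIFFERS"
        shown = value if len(value) <= 45 else value[:42] + "..."
        print(f"{status:8} setenvif={s_new!s:5} rewrite={r_new!s:5} {shown!r}")
```

On these samples the two rules disagree only on `items=0-10`: the SetEnvIf expression counts commas, while the RewriteCond expression also requires the `bytes=` prefix.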

