httpd-dev mailing list archives

From Reindl Harald
Subject Re: Wrapup -- Was: 2.2 approach for byterange?
Date Mon, 29 Aug 2011 20:46:46 GMT

On 29.08.2011 22:41, William A. Rowe Jr. wrote:
> On 8/29/2011 3:31 PM, Stefan Fritsch wrote:
>> Jim offered to RM 2.2.20, but I don't know what timezone he is in. If 
>> 2.2.20 doesn't happen today, it may be good to publish the patch in an 
>> update to the advisory. But I am in the wrong timezone for that ;-)
> If byterange_filter.c to 2.2.x branch is baked and closes the vulnerability,
> it seems prudent to backport this now and also publish both immediately,
> 2.2.20 can't happen without the whole release vote. 

PLEASE make a download for the diff to 2.2.19 on the main page
so that users who are not developers but are able to deal
with rpmbuild can take their distribution packages and
fix their setup

after running a demo exploit on my machine with 4x2.50 GHz CPU / 8 GB RAM
which brought the machine down in a few seconds I would say this bug is
more than critical
