httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-WIllem van Gulik <di...@webweaving.org>
Subject Re: Next update
Date Wed, 31 Aug 2011 20:07:26 GMT

On 31 Aug 2011, at 21:03, Dirk-WIllem van Gulik wrote:

> Suggestion for
> 
> 	http://people.apache.org/~dirkx/CVE-2011-3192.txt
> 
> to be sent to announce and the usual security places.
> 
> ->	Comments on weaken/strenghten 1.3 text
> 
> 	Happy to completely recant that it was vulnerable. Or happy to keep a bit of a warning
in there.
> 
> ->	Lots of small tweaks.
> 
> ->	Do we leave the 200/206 chunked/full range caveats in - or is that no longer the
case ?
> 
> Thanks,

Ah - before I forget - also fine to not do it this heavy handed - but to sent Jim his message
to users/devs@ to these security places as well.

But am slightly biased to towards an advisory of this size - as it helps admins in large organizations
negotiate priorities with their ops teams, bosses and others.

Dw.
Mime
View raw message