httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Plüm, Rüdiger, VF-Group" <ruediger.pl...@vodafone.com>
Subject RE: Next update on CVE-2011-3192
Date Thu, 25 Aug 2011 12:17:27 GMT
+1

Regards

Rüdiger 

> -----Original Message-----
> From: Jim Jagielski [mailto:jim@jaguNET.com] 
> Sent: Donnerstag, 25. August 2011 14:13
> To: dev@httpd.apache.org
> Subject: Re: Next update on CVE-2011-3192
> 
> I have a feeling that we could push this out today...
> 
> I'm going to fold Stefan's path into trunk, and we should use
> trunk (CTR) to polish up the patch as well as add whatever
> other features we need. From there, backporting to 2.2/2.0
> will be trivial.
> 
> On Aug 25, 2011, at 4:18 AM, Dirk-Willem van Gulik wrote:
> 
> > I am keeping a draft at
> > 
> > 	http://people.apache.org/~dirkx/CVE-2011-3192.txt
> > 
> > Changes since last are:
> > 
> > -	version ranges more specific
> > -	vendor information added
> > -	backgrounder on relation to 2007 issues (see below to 
> ensure I got this right).
> > 
> > I suggest we sent this out late Z time today (i.e. end of 
> working day US) _if_ 1) it is likely that we do not have a 
> firm timeline for the full fix and 2) we have a bit more to 
> add. Otherwise we skip to a final update with the fixing 
> instructions for 2.0 and 2.2
> > 
> > Feedback welcome,
> > 
> > Thanks,
> > 
> > Dw.
> 
> 

Mime
View raw message