Subject: Re: Next update
From: Dirk-WIllem van Gulik
Date: Wed, 31 Aug 2011 21:07:26 +0100
To: dev@httpd.apache.org
Message-Id: <5F70EDB6-9189-4D10-BE4B-73601062EF1D@webweaving.org>
In-Reply-To: <0F87A257-274D-4803-B9B4-996203B85CDA@webweaving.org>

On 31 Aug 2011, at 21:03, Dirk-WIllem van Gulik wrote:

> Suggestion for
>
> http://people.apache.org/~dirkx/CVE-2011-3192.txt
>
> to be sent to announce and the usual security places.
>
> -> Comments on weaken/strengthen 1.3 text
>
> Happy to completely recant that it was vulnerable. Or happy to keep a bit of a warning in there.
>
> -> Lots of small tweaks.
>
> -> Do we leave the 200/206 chunked/full range caveats in - or is that no longer the case?
>
> Thanks,

Ah - before I forget - also fine to not do it this heavy handed - but to send Jim his message to users/devs@ to these security places as well.

But am slightly biased towards an advisory of this size - as it helps admins in large organizations negotiate priorities with their ops teams, bosses and others.

Dw.