httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe Jr." <>
Subject Re: CVE-2011-3368 not fully fixed?
Date Tue, 25 Oct 2011 16:43:37 GMT
On 10/25/2011 11:21 AM, "Plüm, Rüdiger, VF-Group" wrote:
> I did some further analysis. While the patch for trunk is still fine
> as it shortens the path for bailing out the behaviour was already correct
> with trunk and 2.2.21. So the HTTP/0.9 behaviour you see does NOT happen with
> 2.2.x >= 2.2.18 (plus patch) and trunk. You are affected by an old logic that
> was changed in r1100200 and hence changed since 2.2.18.

Should the contents of www.a.o/dist/httpd/patches/apply_to_2.2...
be updated?

View raw message