httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe Jr." <wr...@rowe-clan.net>
Subject Re: 1.3 patches for recent security issues (funny or not, depending on your situation)
Date Mon, 30 Jan 2012 22:07:32 GMT
On 1/30/2012 3:54 PM, Jeff Trawick wrote:
> Notes to the general public:
> * This is not necessarily a complete list, depending on your idea of "recent".
> * These are not official patches.
> * These do not match any vetted commits to the source tree.
> * No official release of these or other fixes to 1.3 is planned.
> 
> CVE-2011-3368/CVE-2011-4317:
> http://people.apache.org/~trawick/1.3-CVE-2011-4317-r1235443.patch
> 
> CVE-2012-0053:
> http://people.apache.org/~trawick/2.0-CVE-2012-0053-r1234837.patch

Perhaps update security.xml for these?  They can be deposited into the
appropriate patches/apply_to_1.3.42/ - and we should probably clean out
all the other apply_to_1.3 patches from www.a.o (still, on archive.a.o).


Mime
View raw message