httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From William A Rowe Jr <>
Subject Re: Httpd security reveals
Date Tue, 03 Jan 2017 06:27:40 GMT
On Mon, Jan 2, 2017 at 11:49 PM, Eric Covener <> wrote:
> On Mon, Jan 2, 2017 at 11:48 PM, William A Rowe Jr <> wrote:
>> So, Jacob and I... He did most of the grunt work, I only pushed off the
>> underlying premise... Have a very very long list of real and potential
>> security patches.
>> I am asking publicly of (often obstanant) httpd pmc folks, do we proceed
>> without a 2.2 mitigation? Those in the know, already know.
>> Happy to RM Wed a.m. if we have the votes.
> Sorry, I totally missed that you had completed/proposed the backport
> of the showstopper to 2.2.x. I should have reviewed it earlier but I
> will work on it Tuesday.

Clarification, I completed 'a' proposal, and reordered a number of other
accepted backports to incorporate all of work in sequence. As Yann had
pointed out 'patch doesn't apply'... when it was all disordered.

There are a couple additions in the past week that should be considered
from the 2.4.x-http-strict branch, but the patch has been complete for
some time.



View raw message