httpd-dev mailing list archives

From William A Rowe Jr <>
Subject Re: CVE-2017-3167: ap_get_basic_auth_pw authentication bypass
Date Mon, 19 Jun 2017 22:44:02 GMT
On Mon, Jun 19, 2017 at 5:41 PM, Jacob Champion <> wrote:
> On 06/19/2017 03:35 PM, William A Rowe Jr wrote:
>> Not to announce@httpd? users@ and dev@ aren't particularly
>> broadcast channels.
>> announce@a.o might be too wide an audience, but that's why
>> we document the CVEs with short notes in the foundation-wide
>> release announcement. At least, used to document them.
> I was following Jim's lead on the first CVE announcement. I'm not opposed to
> a [SECURITY] announcement for all five; just timid. :)
> Any opposed to me copying all five to announce@httpd?

None at all, I have moderation and will push it on.

Just FYI you must always send-from your identity
when pushing mail to any announce@ list, because all other posts
are pre-filtered before moderation.
