httpd-dev mailing list archives

From William A Rowe Jr <wr...@rowe-clan.net>
Subject Re: CVE-2017-3167: ap_get_basic_auth_pw authentication bypass
Date Mon, 19 Jun 2017 22:44:02 GMT
On Mon, Jun 19, 2017 at 5:41 PM, Jacob Champion <champion.p@gmail.com> wrote:
> On 06/19/2017 03:35 PM, William A Rowe Jr wrote:
>>
>> Not to announce@httpd? users@ and dev@ aren't particularly
>> broadcast channels.
>>
>> announce@a.o might be too wide an audience, but that's why
>> we document the CVE's with short notes in the foundation-wide
>> release announcement. At least, used to document them.
>
>
> I was following Jim's lead on the first CVE announcement. I'm not opposed to
> a [SECURITY] announcement for all five; just timid. :)
>
> Any opposed to me copying all five to announce@httpd?

None at all, I have moderation and will push it on.

Just FYI you must always send-from your @apache.org identity
when pushing mail to any announce@ list, because all other posts
are pre-filtered before moderation.
