httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yann Ylavic <>
Subject Re: [users@httpd] Fwd: Patches for CVE-2016-8743 (apache 2.4.18)
Date Wed, 25 Jan 2017 12:34:49 GMT

On Wed, Jan 25, 2017 at 9:17 AM, Rashmi Srinivasan
<> wrote:

>   We are trying to port the fix for CVE (CVE-2016-8743) to 2.4.18. Tried
> checking the revision on git for the list of files fixed for this CVE.
> There are lots of changes related to RFC7320 and was difficult to figure out
> the files changed for this CVE as We couldnt find the CVE-2016-8743 in the
> log either.

The branch [1] collects all the related changes between versions
2.4.25 (latest) and 2.4.23 (previous).

Attached is the output of:
$ svn diff -x-p

It should apply cleanly to 2.4.23, though it may not to 2.4.18
(possibly more work needed...).

Hope this helps.



View raw message