httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rashmi Srinivasan <rashmisrinivasan2...@gmail.com>
Subject Re: [users@httpd] Fwd: Patches for CVE-2016-8743 (apache 2.4.18)
Date Fri, 10 Feb 2017 08:00:46 GMT
Thank a lot for the patch Yann,
I will check if this fits in.

regards,
Rashmi

On Wed, Jan 25, 2017 at 6:04 PM, Yann Ylavic <ylavic.dev@gmail.com> wrote:

> Hi,
>
> On Wed, Jan 25, 2017 at 9:17 AM, Rashmi Srinivasan
> <rashmisrinivasan2007@gmail.com> wrote:
>
> >   We are trying to port the fix for CVE (CVE-2016-8743) to 2.4.18. Tried
> > checking the revision on git for the list of files fixed for this CVE.
> > There are lots of changes related to RFC7320 and was difficult to figure
> out
> > the files changed for this CVE as We couldnt find the CVE-2016-8743 in
> the
> > log either.
>
> The branch [1] collects all the related changes between versions
> 2.4.25 (latest) and 2.4.23 (previous).
>
> Attached is the output of:
> $ svn diff -x-p
> https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@r1767912
> https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.
> x-merge-http-strict
> >httpd-2.4.23-CVE-2016-8743.patch
>
> It should apply cleanly to 2.4.23, though it may not to 2.4.18
> (possibly more work needed...).
>
> Hope this helps.
>
> Regards,
> Yann.
>
> [1] https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.
> x-merge-http-strict
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>

Mime
View raw message