httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <>
Subject Re: [users@httpd] Apache Fake Story?
Date Wed, 23 Jan 2019 02:44:22 GMT
On Tue, Jan 22, 2019 at 7:57 PM Dan Ehrlich <> wrote:
> Is this true?
> Was this security vulnerability really treated with such disregard by Apache HTTPD devs?

I would personally characterize it differently, without calling what
is written above "fake" or even misleading.

There was no (absolute) disregard, large amounts of time from a
half-dozen people were involved in the original report.
But nonetheless there was a failure to solve (all) of the reported
problems in the report.

- A large and changing set of symptoms was reported in a build with
two layers of non-production memory diagnostics enabled.
- The project team solved some bugs that may have been in the right
neighborhood, but nowhere near complete.
- After  communications problems, both sides went silent.
- The reporter recognized this impasse and notified us he would
publish his work w/o fixes (nor exploits) for the problem.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message