Mailing List Archive by Gossamer Threads http://www.gossamer-threads.com/lists/apache/dev/ en-us (c) Gossamer Threads Inc. All rights reserved. 16 May 2008 14:55:15 -0800 120 75 23 http://www.gossamer-threads.com/lists/apache/dev/ http://www.gossamer-threads.com/images/lists/rss_logo.jpg The debian gaffe also affects any 'req's or self-signed certs created on the affected platform. Unfortunately the blacklists generated by folks are 16 May 2008 13:11:43 -0800 http://www.gossamer-threads.com/lists/apache/dev/351684 On May 15, 2008, at 3:00 PM, Ruediger Pluem wrote: > > > On 05/15/2008 05:29 AM, BOYA SUN wrote: >> Here is another potential bug we've just discover 16 May 2008 05:06:06 -0800 http://www.gossamer-threads.com/lists/apache/dev/351665 On tor, 2008-05-15 at 21:07 +0100, John ORourke wrote: > This error would typically happen on a busy site with a full log > partition. Writing to sy 16 May 2008 02:34:01 -0800 http://www.gossamer-threads.com/lists/apache/dev/351663 Henrik Nordstrom wrote: > On tor, 2008-05-15 at 21:00 +0200, Ruediger Pluem wrote: > >>> \apache\src\log.c(682): apr_file_puts(errstr, logf 15 May 2008 13:07:03 -0800 http://www.gossamer-threads.com/lists/apache/dev/351658 On 05/15/2008 09:44 PM, Henrik Nordstrom wrote: > On tor, 2008-05-15 at 21:00 +0200, Ruediger Pluem wrote: >>> \apache\src\log.c(682): apr_fil 15 May 2008 13:04:31 -0800 http://www.gossamer-threads.com/lists/apache/dev/351657 On tor, 2008-05-15 at 21:00 +0200, Ruediger Pluem wrote: > > \apache\src\log.c(682): apr_file_puts(errstr, logf); > > I see nothing reasonabl 15 May 2008 12:44:31 -0800 http://www.gossamer-threads.com/lists/apache/dev/351656 On 05/15/2008 05:29 AM, BOYA SUN wrote: > Here is another potential bug we've just discovered, and it seems to be occured in several places. Please al 15 May 2008 12:00:32 -0800 http://www.gossamer-threads.com/lists/apache/dev/351654 The response to TRACE when "TraceEnable Off" is not used on an EBCDIC platform is partially in ASCII and partially in EBCDIC (part readable, part garb 15 May 2008 10:54:35 -0800 http://www.gossamer-threads.com/lists/apache/dev/351653 Here is another potential bug we've just discovered, and it seems to be occured in several places. Please also take a look at it if interested, thanks 14 May 2008 20:20:27 -0800 http://www.gossamer-threads.com/lists/apache/dev/351629 On 05/14/2008 10:19 PM, Paul Querna wrote: > BOYA SUN wrote: > >> *BUG#1* >> *Category: 1* >> *File Name:* /httpd-2.2.8/support/ab.c *Function Name 14 May 2008 13:43:31 -0800 http://www.gossamer-threads.com/lists/apache/dev/351618 Dear Paul, Thank you so much for replying to the email. It seems that our approach is accurate in finding bugs of Category 1, but not so accurate for 14 May 2008 13:40:45 -0800 http://www.gossamer-threads.com/lists/apache/dev/351617 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yes, but as stated in my email, suphp uses cgi, which I don't like (unnecessary exec()'s), and is the e 14 May 2008 13:22:51 -0800 http://www.gossamer-threads.com/lists/apache/dev/351616 BOYA SUN wrote: > Dear Apache-HTTPD developers, > > I am a Ph.D student in the Software Engineering Research Group of EECS > department in Case Wes 14 May 2008 13:19:54 -0800 http://www.gossamer-threads.com/lists/apache/dev/351615 Dear Apache-HTTPD developers, I am a Ph.D student in the Software Engineering Research Group of EECS department in Case Western Reserve University, 14 May 2008 11:44:19 -0800 http://www.gossamer-threads.com/lists/apache/dev/351609 Hi, >>> How do you think about this idea ? do you already know this: http://www.suphp.org/ Guenter. 14 May 2008 10:51:15 -0800 http://www.gossamer-threads.com/lists/apache/dev/351608 HTTP User and Desktop Security Communities; With respect to http://www.securityfocus.com/bid/29112 Per http://www.ietf.org/rfc/rfc2616.txt 3.7.1 Ca 14 May 2008 10:27:42 -0800 http://www.gossamer-threads.com/lists/apache/dev/351607 Nick Gearls wrote: > > Cross-site scripting (XSS) vulnerability when displaying the 403 > Forbidden error page > I can't find any info about this is 14 May 2008 10:14:50 -0800 http://www.gossamer-threads.com/lists/apache/dev/351605 > Cross-site scripting (XSS) vulnerability when displaying the 403 Forbidden error page I can't find any info about this issue on the site. I guess 14 May 2008 04:35:12 -0800 http://www.gossamer-threads.com/lists/apache/dev/351590 > I see no issues with making this the default and having a --disable-dtrace. > I can see a reason that someone might wish to turn them off -- thoug 13 May 2008 17:49:37 -0800 http://www.gossamer-threads.com/lists/apache/dev/351565 If you are just catching up: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0166 http://it.slashdot.org/article.pl?sid=08/05/13/1533212 Most of the tal 13 May 2008 14:18:29 -0800 http://www.gossamer-threads.com/lists/apache/dev/351562 I know that the following patch really requires some work to review, but it is missing only one vote and it would be really worth to be included in 2. 13 May 2008 14:02:01 -0800 http://www.gossamer-threads.com/lists/apache/dev/351561 On 05/13/2008 04:21 AM, fielding@apache.org wrote: > Author: fielding > Date: Mon May 12 19:21:33 2008 > New Revision: 655711 > > URL: http://svn.apa 13 May 2008 12:30:58 -0800 http://www.gossamer-threads.com/lists/apache/dev/351560 On 05/12/2008 08:39 PM, jim@apache.org wrote: > Author: jim > Date: Mon May 12 11:39:34 2008 > New Revision: 655594 > > URL: http://svn.apache.org/vi 12 May 2008 13:33:21 -0800 http://www.gossamer-threads.com/lists/apache/dev/351478 I haven't looked at the code in mod_proxy to see how it handles the Keep-Alive header returned by the backend server, but what I'm seeing in this tcpd 12 May 2008 13:15:30 -0800 http://www.gossamer-threads.com/lists/apache/dev/351477 On Mon, 12 May 2008 13:52:18 -0400 "Adam Woodworth" <mirkperl@gmail.com> wrote: > Hi, > > I was wondering if anyone might have some more information 12 May 2008 12:31:54 -0800 http://www.gossamer-threads.com/lists/apache/dev/351476