ruediger.pluem at vodafone
Aug 25, 2011, 5:17 AM
Post #3 of 3
> -----Original Message-----
> From: Jim Jagielski [mailto:jim [at] jaguNET]
> Sent: Donnerstag, 25. August 2011 14:13
> To: dev [at] httpd
> Subject: Re: Next update on CVE-2011-3192
> I have a feeling that we could push this out today...
> I'm going to fold Stefan's path into trunk, and we should use
> trunk (CTR) to polish up the patch as well as add whatever
> other features we need. From there, backporting to 2.2/2.0
> will be trivial.
> On Aug 25, 2011, at 4:18 AM, Dirk-Willem van Gulik wrote:
> > I am keeping a draft at
> > http://people.apache.org/~dirkx/CVE-2011-3192.txt
> > Changes since last are:
> > - version ranges more specific
> > - vendor information added
> > - backgrounder on relation to 2007 issues (see below to
> ensure I got this right).
> > I suggest we sent this out late Z time today (i.e. end of
> working day US) _if_ 1) it is likely that we do not have a
> firm timeline for the full fix and 2) we have a bit more to
> add. Otherwise we skip to a final update with the fixing
> instructions for 2.0 and 2.2
> > Feedback welcome,
> > Thanks,
> > Dw.