Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Apache: Dev

Next update on CVE-2011-3192

 

 

Apache dev RSS feed   Index | Next | Previous | View Threaded


dirkx at webweaving

Aug 25, 2011, 1:18 AM

Post #1 of 3 (1130 views)
Permalink
Next update on CVE-2011-3192

I am keeping a draft at

http://people.apache.org/~dirkx/CVE-2011-3192.txt

Changes since last are:

- version ranges more specific
- vendor information added
- backgrounder on relation to 2007 issues (see below to ensure I got this right).

I suggest we sent this out late Z time today (i.e. end of working day US) _if_ 1) it is likely that we do not have a firm timeline for the full fix and 2) we have a bit more to add. Otherwise we skip to a final update with the fixing instructions for 2.0 and 2.2

Feedback welcome,

Thanks,

Dw.


jim at jaguNET

Aug 25, 2011, 5:13 AM

Post #2 of 3 (1043 views)
Permalink
Re: Next update on CVE-2011-3192 [In reply to]

I have a feeling that we could push this out today…

I'm going to fold Stefan's path into trunk, and we should use
trunk (CTR) to polish up the patch as well as add whatever
other features we need. From there, backporting to 2.2/2.0
will be trivial.

On Aug 25, 2011, at 4:18 AM, Dirk-Willem van Gulik wrote:

> I am keeping a draft at
>
> http://people.apache.org/~dirkx/CVE-2011-3192.txt
>
> Changes since last are:
>
> - version ranges more specific
> - vendor information added
> - backgrounder on relation to 2007 issues (see below to ensure I got this right).
>
> I suggest we sent this out late Z time today (i.e. end of working day US) _if_ 1) it is likely that we do not have a firm timeline for the full fix and 2) we have a bit more to add. Otherwise we skip to a final update with the fixing instructions for 2.0 and 2.2
>
> Feedback welcome,
>
> Thanks,
>
> Dw.


ruediger.pluem at vodafone

Aug 25, 2011, 5:17 AM

Post #3 of 3 (1043 views)
Permalink
RE: Next update on CVE-2011-3192 [In reply to]

+1

Regards

Rüdiger

> -----Original Message-----
> From: Jim Jagielski [mailto:jim [at] jaguNET]
> Sent: Donnerstag, 25. August 2011 14:13
> To: dev [at] httpd
> Subject: Re: Next update on CVE-2011-3192
>
> I have a feeling that we could push this out today...
>
> I'm going to fold Stefan's path into trunk, and we should use
> trunk (CTR) to polish up the patch as well as add whatever
> other features we need. From there, backporting to 2.2/2.0
> will be trivial.
>
> On Aug 25, 2011, at 4:18 AM, Dirk-Willem van Gulik wrote:
>
> > I am keeping a draft at
> >
> > http://people.apache.org/~dirkx/CVE-2011-3192.txt
> >
> > Changes since last are:
> >
> > - version ranges more specific
> > - vendor information added
> > - backgrounder on relation to 2007 issues (see below to
> ensure I got this right).
> >
> > I suggest we sent this out late Z time today (i.e. end of
> working day US) _if_ 1) it is likely that we do not have a
> firm timeline for the full fix and 2) we have a bit more to
> add. Otherwise we skip to a final update with the fixing
> instructions for 2.0 and 2.2
> >
> > Feedback welcome,
> >
> > Thanks,
> >
> > Dw.
>
>

Apache dev RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.