On Thursday 25 August 2011, Stefan Fritsch wrote: > On Thursday 25 August 2011, Dirk-WIllem van Gulik wrote: > > Folks, > > > > What is wisdom? We have an updated version at > > people.apache.org/CVE-2011-3192.txt. > > > > i'd say, let's send this of day if we expect the full patch to > > take another 24+ hours. As there is a need for the i proved > > mitigations > > > > And otherwise skip it and go to final ASAP? > > > > What is your take ? > > There are still plenty of bugs in the new code, so I am not > confident that it will be ready within 24 hours.
Looks better now. But I would be even more comfortable if there was a test for the apr_bucket_read() parts. Does anybody have an idea how to test that? In any case, I won't continue on this until tomorrow.
