On Tue, Apr 17 2018, Björn Ketelaars <bjorn.ketela...@hydroxide.nl> wrote: > On Tue 17/04/2018 23:06, Björn Ketelaars wrote: >> Diff below brings pound to 2.8a, which fixes potential request smuggling >> via fudged headers. >> >> I played with this version of Pound a couple of months ago...and forgot >> about it. >> >> Build tested ok on amd64. >> >> Comments/OKs?
Grmbl, I thought I had already replied to this one. ok jca@ > Forgot to mention: > > If I'm not mistaken this update addresses > https://www.cvedetails.com/cve/CVE-2016-10711/ Can you please also commit this to OPENBSD_6_3? Should be safe afaik. -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE