CVE-2011-3192 - NeXT update ?
Folks, What is wisdom? We have an updated version at people.apache.org/CVE-2011-3192.txt. i'd say, let's send this of day if we expect the full patch to take another 24+ hours. As there is a need for the i proved mitigations And otherwise skip it and go to final ASAP? What is your take ? Thanks, Dw. -- Dirk-Willem van Gulik.
Re: CVE-2011-3192 - NeXT update ?
On Thursday 25 August 2011, Dirk-WIllem van Gulik wrote: Folks, What is wisdom? We have an updated version at people.apache.org/CVE-2011-3192.txt. i'd say, let's send this of day if we expect the full patch to take another 24+ hours. As there is a need for the i proved mitigations And otherwise skip it and go to final ASAP? What is your take ? There are still plenty of bugs in the new code, so I am not confident that it will be ready within 24 hours.
Re: CVE-2011-3192 - NeXT update ?
On Thursday 25 August 2011, Stefan Fritsch wrote: On Thursday 25 August 2011, Dirk-WIllem van Gulik wrote: Folks, What is wisdom? We have an updated version at people.apache.org/CVE-2011-3192.txt. i'd say, let's send this of day if we expect the full patch to take another 24+ hours. As there is a need for the i proved mitigations And otherwise skip it and go to final ASAP? What is your take ? There are still plenty of bugs in the new code, so I am not confident that it will be ready within 24 hours. Looks better now. But I would be even more comfortable if there was a test for the apr_bucket_read() parts. Does anybody have an idea how to test that? In any case, I won't continue on this until tomorrow.