CVE worthy?
(sent to dev@ since it's mild and already discussed publically)
-- Forwarded message --
From:
Date: Wed, Nov 12, 2014 at 9:52 AM
Subject: [Bug 57204] New: LuaAuthzProvider mixes up parsed require
arguments when used multiple times
To: b...@httpd.apache.org
https:/
On Wed, Nov 19, 2014 at 4:47 AM, Yann Ylavic wrote:
> Errr, this is in 2.2.x/STATUS only (not 2.4.x).
> Is it already proposed/backported to 2.4.x (I can't find the commit)?
I diff'ed trunk and 2.4 and It seems to be absent.
I don't have the best handle on this, but if we're about to go down
int
On Wed, Nov 19, 2014 at 10:26 AM, Yann Ylavic wrote:
> Eric, Jeff, since you already voted for r1621453 in 2.4.x/STATUS
Errr, this is in 2.2.x/STATUS only (not 2.4.x).
Is it already proposed/backported to 2.4.x (I can't find the commit)?
On Sat, Aug 30, 2014 at 3:19 PM, Yann Ylavic wrote:
> On Sat, Aug 30, 2014 at 3:02 PM, Eric Covener wrote:
>> On Tue, Aug 26, 2014 at 5:22 AM, Yann Ylavic wrote:
>>> I don't think mod_reqtimeout should handle/count speculative bytes,
>>> they ought to be read for real later (and taken into accou
