On Wed, Jun 24, 2015 at 6:04 PM, William A Rowe Jr wrote:
>
> *) SECURITY: CVE-2015-3183 (cve.mitre.org)
> core: Fix chunk header parsing defect.
> Remove apr_brigade_flatten(), buffering and duplicated code from
> the HTTP_IN filter, parse chunks in a single pass with zero copy.
On Wed, Jun 24, 2015 at 6:12 PM, Graham Leggett wrote:
> On 24 Jun 2015, at 6:04 PM, William A Rowe Jr wrote:
>
>> If you had offered to review security patches in Jeff's 2.2 interest thread
>> of a month ago, please consider taking a bit of time to compare this change
>> to the corresponding c
On 24 Jun 2015, at 6:04 PM, William A Rowe Jr wrote:
> If you had offered to review security patches in Jeff's 2.2 interest thread
> of a month ago, please consider taking a bit of time to compare this change
> to the corresponding change already approved in 2.4.x branch (and rather
> extensiv
On Fri, Jun 19, 2015 at 11:42 AM, William A Rowe Jr
wrote:
>
> On Jun 18, 2015 1:45 PM, "William A Rowe Jr" wrote:
> >
> > On Jun 11, 2015 8:22 AM, "Eric Covener" wrote:
> > >
> > > On Thu, Jun 11, 2015 at 9:08 AM William A Rowe Jr
> wrote:
> > >>
> > >> But withholding a security fix for lega
On Jun 18, 2015 1:45 PM, "William A Rowe Jr" wrote:
>
> On Jun 11, 2015 8:22 AM, "Eric Covener" wrote:
> >
> > On Thu, Jun 11, 2015 at 9:08 AM William A Rowe Jr
wrote:
> >>
> >> But withholding a security fix for legacy server users? Sounds like a
way to earn distrust of the user community, not
