Thanks for testing. The release is approved:
PMC votes: +1 from ylavic, jfclere, jorton
I will promote the release and announce it.
Regards, Joe
On Thu, Aug 18, 2022 at 12:31:56PM +0100, Joe Orton wrote:
> Hi, I've prepared a candidate release tarball for libapreq2 v2.17 here:
>
> https://dist.apache.org/repos/dist/dev/httpd/libapreq/
>
> I would like to call a VOTE over the next week to release this candidate
> tarball as v2.17:
>
>
Severity: important
Description:
A flaw in libapreq2 versions 2.16 and earlier could cause a buffer overflow
while processing multipart form uploads. A remote attacker could send a
request causing a process crash which could lead to a denial of service attack.