Thank a lot for the patch Yann, I will check if this fits in. regards, Rashmi
On Wed, Jan 25, 2017 at 6:04 PM, Yann Ylavic <ylavic....@gmail.com> wrote: > Hi, > > On Wed, Jan 25, 2017 at 9:17 AM, Rashmi Srinivasan > <rashmisrinivasan2...@gmail.com> wrote: > > > We are trying to port the fix for CVE (CVE-2016-8743) to 2.4.18. Tried > > checking the revision on git for the list of files fixed for this CVE. > > There are lots of changes related to RFC7320 and was difficult to figure > out > > the files changed for this CVE as We couldnt find the CVE-2016-8743 in > the > > log either. > > The branch [1] collects all the related changes between versions > 2.4.25 (latest) and 2.4.23 (previous). > > Attached is the output of: > $ svn diff -x-p > https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@r1767912 > https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4. > x-merge-http-strict > >httpd-2.4.23-CVE-2016-8743.patch > > It should apply cleanly to 2.4.23, though it may not to 2.4.18 > (possibly more work needed...). > > Hope this helps. > > Regards, > Yann. > > [1] https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4. > x-merge-http-strict > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org >