Hi Yann,

Any update on this will be very helpful.

regards,
Rashmi

On Thu, Jun 1, 2017 at 2:49 PM, Rashmi Srinivasan <rashmisrinivasan2...@gmail.com> wrote:

> Hi Yann,
> To port the fix for CVE-2016-8743 to 2.2.29, is it ok to port
> the changes from http://svn.apache.org/viewvc?view=revision&revision=1777405
> Would that suffice?
> Please advise.
>
> regards,
> Rashmi
>
> On Fri, Feb 10, 2017 at 1:30 PM, Rashmi Srinivasan <rashmisrinivasan2...@gmail.com> wrote:
>
>> Thanks a lot for the patch Yann,
>> I will check if this fits in.
>>
>> regards,
>> Rashmi
>>
>> On Wed, Jan 25, 2017 at 6:04 PM, Yann Ylavic <ylavic....@gmail.com> wrote:
>>
>>> Hi,
>>>
>>> On Wed, Jan 25, 2017 at 9:17 AM, Rashmi Srinivasan
>>> <rashmisrinivasan2...@gmail.com> wrote:
>>>
>>> > We are trying to port the fix for CVE (CVE-2016-8743) to 2.4.18. Tried
>>> > checking the revision on git for the list of files fixed for this CVE.
>>> > There are lots of changes related to RFC7320 and it was difficult to figure out
>>> > the files changed for this CVE as we couldn't find the CVE-2016-8743 in the
>>> > log either.
>>>
>>> The branch [1] collects all the related changes between versions
>>> 2.4.25 (latest) and 2.4.23 (previous).
>>>
>>> Attached is the output of:
>>> $ svn diff -x-p
>>> https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@r1767912
>>> https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-merge-http-strict
>>> >httpd-2.4.23-CVE-2016-8743.patch
>>>
>>> It should apply cleanly to 2.4.23, though it may not to 2.4.18
>>> (possibly more work needed...).
>>>
>>> Hope this helps.
>>>
>>> Regards,
>>> Yann.
>>>
>>> [1] https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-merge-http-strict