Hi Yann,
Any update on this will be very helpful.
regards,
Rashmi
On Thu, Jun 1, 2017 at 2:49 PM, Rashmi Srinivasan <
rashmisrinivasan2...@gmail.com> wrote:
> Hi Yann,
> To port the fix for CVE-2016-8743 to 2.2.29, is it ok to port
> the changes from http://svn.apache.org/viewvc?view=revision&revision=
> 1777405
> Would that suffice?
> Please advise.
>
> regards,
> Rashmi
>
>
> On Fri, Feb 10, 2017 at 1:30 PM, Rashmi Srinivasan <
> rashmisrinivasan2...@gmail.com> wrote:
>
>> Thank a lot for the patch Yann,
>> I will check if this fits in.
>>
>> regards,
>> Rashmi
>>
>> On Wed, Jan 25, 2017 at 6:04 PM, Yann Ylavic <ylavic....@gmail.com>
>> wrote:
>>
>>> Hi,
>>>
>>> On Wed, Jan 25, 2017 at 9:17 AM, Rashmi Srinivasan
>>> <rashmisrinivasan2...@gmail.com> wrote:
>>>
>>> > We are trying to port the fix for CVE (CVE-2016-8743) to 2.4.18.
>>> Tried
>>> > checking the revision on git for the list of files fixed for this CVE.
>>> > There are lots of changes related to RFC7320 and was difficult to
>>> figure out
>>> > the files changed for this CVE as We couldnt find the CVE-2016-8743 in
>>> the
>>> > log either.
>>>
>>> The branch [1] collects all the related changes between versions
>>> 2.4.25 (latest) and 2.4.23 (previous).
>>>
>>> Attached is the output of:
>>> $ svn diff -x-p
>>> https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@r1767912
>>> https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-
>>> merge-http-strict
>>> >httpd-2.4.23-CVE-2016-8743.patch
>>>
>>> It should apply cleanly to 2.4.23, though it may not to 2.4.18
>>> (possibly more work needed...).
>>>
>>> Hope this helps.
>>>
>>> Regards,
>>> Yann.
>>>
>>> [1] https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-
>>> merge-http-strict
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>>> For additional commands, e-mail: users-h...@httpd.apache.org
>>>
>>
>>
>
