Hi,
On Wed, Jan 25, 2017 at 9:17 AM, Rashmi Srinivasan
<rashmisrinivasan2007@gmail.com > wrote:
> We are trying to port the fix for CVE (CVE-2016-8743) to 2.4.18. Tried
> checking the revision on git for the list of files fixed for this CVE.
> There are lots of changes related to RFC7320 and was difficult to figure out
> the files changed for this CVE as We couldnt find the CVE-2016-8743 in the
> log either.
The branch [1] collects all the related changes between versions
2.4.25 (latest) and 2.4.23 (previous).
Attached is the output of:
$ svn diff -x-p
https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4. x@r1767912
https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4. x-merge-http-strict
>httpd-2.4.23-CVE-2016-8743.patch
It should apply cleanly to 2.4.23, though it may not to 2.4.18
(possibly more work needed...).
Hope this helps.
Regards,
Yann.
[1] https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4. x-merge-http-strict
------------------------------------------------------------ ---------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx