Re: Fwd: Patches for CVE-2016-8743 (apache 2.4.18)

Hi Yann,
To port the fix for CVE-2016-8743 to 2.2.29, is it OK to port the changes from http://svn.apache.org/viewvc?view=revision&revision=1777405 ?
Would that suffice?
Please advise.

regards,
Rashmi


On Fri, Feb 10, 2017 at 1:30 PM, Rashmi Srinivasan <rashmisrinivasan2007@xxxxxxxxx> wrote:
Thanks a lot for the patch, Yann.
I will check if this fits in.

regards,
Rashmi

On Wed, Jan 25, 2017 at 6:04 PM, Yann Ylavic <ylavic.dev@xxxxxxxxx> wrote:
Hi,

On Wed, Jan 25, 2017 at 9:17 AM, Rashmi Srinivasan
<rashmisrinivasan2007@xxxxxxxxm> wrote:

> We are trying to port the fix for CVE (CVE-2016-8743) to 2.4.18. Tried
> checking the revision on git for the list of files fixed for this CVE.
> There are lots of changes related to RFC7320 and it was difficult to figure out
> the files changed for this CVE as we couldn't find the CVE-2016-8743 in the
> log either.

The branch [1] collects all the related changes between versions
2.4.25 (latest) and 2.4.23 (previous).

Attached is the output of:
$ svn diff -x-p \
    https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@r1767912 \
    https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-merge-http-strict \
    >httpd-2.4.23-CVE-2016-8743.patch

It should apply cleanly to 2.4.23, though it may not to 2.4.18
(possibly more work needed...).

Hope this helps.

Regards,
Yann.

[1] https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-merge-http-strict

