Folks, I'd like to cut a tarball in the next day, two tops, since the
httpd folks are suggesting they are waiting patiently for a release.
If you want to grab any safe, low risk low hanging fruit, have at it.
Bill
On Thu, 2009-05-21 at 14:59 -0500, William A. Rowe, Jr. wrote:
If you want to grab any safe, low risk low hanging fruit, have at it.
We need to backport this, right?
http://svn.apache.org/viewvc?view=revrevision=768417
--
Bojan
On Thu, May 21, 2009 at 5:57 PM, Bojan Smojver bo...@rexursive.com wrote:
On Thu, 2009-05-21 at 14:59 -0500, William A. Rowe, Jr. wrote:
If you want to grab any safe, low risk low hanging fruit, have at it.
We need to backport this, right?
On Thu, 2009-05-21 at 17:59 -0400, Jeff Trawick wrote:
for sure
OK, shall merge to 1.3.x and 1.4.x. Not sure if it's required for 0.9.x.
Will have a look.
--
Bojan
On Thursday 21 May 2009, William A. Rowe, Jr. wrote:
If you want to grab any safe, low risk low hanging fruit, have at
it.
Don't forget CVE-2009-0023.
On Fri, 2009-05-22 at 00:12 +0200, Stefan Fritsch wrote:
Don't forget CVE-2009-0023.
Not familiar. Is that the buckets/apr_brigade.c off by one thing?
--
Bojan
On Friday 22 May 2009, Bojan Smojver wrote:
Don't forget CVE-2009-0023.
Not familiar. Is that the buckets/apr_brigade.c off by one thing?
No. It was discussed with secur...@apache.org in January. William Rowe
knows about it.
Stefan
On Fri, 2009-05-22 at 00:29 +0200, Stefan Fritsch wrote:
No. It was discussed with secur...@apache.org in January. William Rowe
knows about it.
OK, I'll leave it up to him then.
--
Bojan