https://bz.apache.org/bugzilla/show_bug.cgi?id=60086
Christophe JAILLET <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #1 from Christophe JAILLET <[email protected]> --- For the records and to give credit to your static analyzer, the "Suspicious expression" has been fixed in r1797550 and is recorded as a CVE (CVE-2017-7679) "Incorrect check for an empty string" has been fixed in r1812307 and is now also spotted by gcc 8.1+ "Incrementing a pointer instead of the value" is a mystery to me. This code does not seem to be there anymore! "Incorrect password clearing" is recorded as bug 58921. "Uninitialized variable" is part of APR, not httpd itself. I'll apply a fix for that. "Incorrect check of HRESULT" is fixed in r1832198. "Superfluous operation?" is fixed in r1832200. "Redundant condition" is fixed in r1832202. Thanks for the report. This should have help us close a potential security issue much earlier :( Anyway, any new analysis would be appreciated. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
