On Fri, Oct 16, 2009 at 6:21 AM, Jeff Trawick <[email protected]> wrote: > On Fri, Oct 16, 2009 at 5:43 AM, Joe Orton <[email protected]> wrote: >> Since there is no specific reference to the fix for CVE-2009-2699 in the >> APR change history or elsewhere, can someone (hello Jeff) confirm that >> the patch referenced here: >> >> https://issues.apache.org/bugzilla/show_bug.cgi?id=47645#c13 >> >> is a sufficient fix for the vulnerability? > > https://issues.apache.org/bugzilla/attachment.cgi?id=24161 is okay for > applying to older levels. >
FWIW, I have a interposer library to LD_PRELOAD that I've given to a number of people to resolve this problem. It is available upon request.
