On 29.08.2011 22:41, William A. Rowe Jr. wrote:
> On 8/29/2011 3:31 PM, Stefan Fritsch wrote:
>>
>> Jim offered to RM 2.2.20, but I don't know what timezone he is in. If
>> 2.2.20 doesn't happen today, it may be good to publish the patch in an
>> update to the advisory. But I am in the wrong timezone for that ;-)
>
> If byterange_filter.c to 2.2.x branch is baked and closes the vulnerability,
> it seems prudent to backport this now and also publish both immediately,
> 2.2.20 can't happen without the whole release vote.

PLEASE make a download for the diff to 2.2.19 on the main page, so that users who are not developers but are able to deal with rpmbuild can take their distribution packages and fix their setup.

After running a demo exploit on my machine with 4x2.50 GHz CPU / 8 GB RAM, which brought the machine down in a few seconds, I would say this bug is more than critical.
