Thanks! I also wrote about the h2 related parts at 
https://icing.github.io/mod_h2/pool-debugging.html

> Am 22.01.2019 um 13:31 schrieb Rainer Jung <rainer.j...@kippdata.de>:
> 
> Am 22.01.2019 um 10:33 schrieb Daniel Gruno:
>> On 1/22/19 8:09 AM, Stefan Priebe - Profihost AG wrote:
>>> Hi,
>>> 
>>> in twitter and other social media channels they're talking about a
>>> current apache 0 day:
>>> https://twitter.com/i/web/status/1087593706444730369
>>> 
>>> which wasn't handled / isn't currently fixed.
>>> 
>>> Some details are here:
>>> https://github.com/hannob/apache-uaf
>>> 
>>> If this is true there will be exploits soon. Is there anything planned?
>>> Does 2.4.38 fix those issues?
>>> 
>>> Greets,
>>> Stefan
>>> 
>> Hi Stefan, and good morning.
>> I figured I should write something to calm people that might be concerned.
>> I will reply in length in a while (coffee is needed first), it takes time to 
>> write a proper response that explains our processes and considerations with 
>> issues like this, especially when people start hyping the matter. Such is 
>> social media, I guess.
>> Until then, I will say quickly that we do not at present consider this 
>> something you should be alarmed about. Boring elaboration to follow in a 
>> while when I have compiled it :)
>> With regards,
>> Daniel, speaking as just a normal committer.
> 
> Here's the response we have compiled from Daniel, Stefan and others:
> 
> https://bz.apache.org/bugzilla/show_bug.cgi?id=63098
> 
> Regards,
> 
> Rainer

Reply via email to