"William A. Rowe, Jr." <[EMAIL PROTECTED]> writes:
> > wrowe 01/05/09 21:07:58
> >
> > Modified: . STATUS
> > src CHANGES
> > src/os/win32 util_win32.c
> > src/os/os2 util_os2.c
> > Log:
> > *) Correct a vulnerability in the Win32 and OS2 ports, by which a
> > client submitting a carefully constructed URI could cause a GP
> > (segment) fault in the child process, which would have to be
> > cleared by the operator to resume operation. This vulnerability
> > introduced no identified means to comprimize the server's data.
> > Reported by Auriemma Luigi <[EMAIL PROTECTED]>.
> > [William Rowe, Brian Harvard]
> >
> > PR: 7522
> >
> > Revision Changes Path
> > 1.936 +12 -19 apache-1.3/STATUS
> >
> > - 1.3.20-dev: Current version.
> > + 1.3.20: In development - security exploit demands a release ASAP.
> > + Will offers to RM, tag and roll 5/10 9:00pm PST.
>
> Can I have a few +1's on tagging and rolling?
if I was sure I'd find time to play with 1.3 on Solaris, AIX, OS/390,
and Tru64 today (5/10) to see about the *printf() changes...
Has anyone played with HEAD on any of those platforms?
Linux and FreeBSD are building fine, but I guess that is to be
expected...
(checking out 1.3 on Tru64 now)
--
Jeff Trawick | [EMAIL PROTECTED] | PGP public key at web site:
http://www.geocities.com/SiliconValley/Park/9289/
Born in Roswell... married an alien...
