https://bz.apache.org/bugzilla/show_bug.cgi?id=63052
apk...@icloud.com changed:
What|Removed |Added
Hardware|PC |Macintosh
OS|Linux
https://bz.apache.org/bugzilla/show_bug.cgi?id=63052
Aloon changed:
What|Removed |Added
URL||ad...@apache.org
CC|
https://bz.apache.org/bugzilla/show_bug.cgi?id=63052
Joe Orton changed:
What|Removed |Added
CC||martyn.shakespe...@bt.com
--- Comment #13
https://bz.apache.org/bugzilla/show_bug.cgi?id=63052
William A. Rowe Jr. changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://bz.apache.org/bugzilla/show_bug.cgi?id=63052
--- Comment #11 from William A. Rowe Jr. ---
Proposed in httpd-2.4/STATUS for backport.
--
You are receiving this mail because:
You are the assignee for the bug.
-
To
https://bz.apache.org/bugzilla/show_bug.cgi?id=63052
--- Comment #10 from mike bayer ---
so... what's the timeline for this to be released and getting it downstream at
least as a downloadable rpm? I'm being hit with this issue daily. also any
thoughts on why this issue is not more widespread?
https://bz.apache.org/bugzilla/show_bug.cgi?id=63052
--- Comment #9 from Joe Orton ---
Fixed in r1850946.
--
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail:
https://bz.apache.org/bugzilla/show_bug.cgi?id=63052
--- Comment #8 from William A. Rowe Jr. ---
This may be based on a misunderstanding by our developers of the
SSL_clear_error() function, as first identified here;
https://bz.apache.org/bugzilla/show_bug.cgi?id=62590
--
You are receiving
https://bz.apache.org/bugzilla/show_bug.cgi?id=63052
mike bayer changed:
What|Removed |Added
Status|NEEDINFO|NEW
--- Comment #7 from mike bayer ---
https://bz.apache.org/bugzilla/show_bug.cgi?id=63052
William A. Rowe Jr. changed:
What|Removed |Added
Status|NEW |NEEDINFO
--- Comment #6 from
https://bz.apache.org/bugzilla/show_bug.cgi?id=63052
Jacob Lundberg changed:
What|Removed |Added
CC||ja...@collegenet.com
--
You are
https://bz.apache.org/bugzilla/show_bug.cgi?id=63052
--- Comment #5 from Ruediger Pluem ---
(In reply to mike bayer from comment #3)
> this is fedora 29 so packages look like:
>
> openssl-1.1.1-3.fc29.x86_64
> openssl-pkcs11-0.4.8-2.fc29.x86_64
> compat-openssl10-1.0.2o-3.fc29.x86_64
>
https://bz.apache.org/bugzilla/show_bug.cgi?id=63052
--- Comment #3 from mike bayer ---
this is fedora 29 so packages look like:
openssl-1.1.1-3.fc29.x86_64
openssl-pkcs11-0.4.8-2.fc29.x86_64
compat-openssl10-1.0.2o-3.fc29.x86_64
openssl-libs-1.1.1-3.fc29.x86_64
httpd-tools-2.4.37-5.fc29.x86_64
https://bz.apache.org/bugzilla/show_bug.cgi?id=63052
--- Comment #4 from mike bayer ---
>From my end this kind of looks like a pretty big DOS vulnerability, anyone can
just run the attacks from that publicly available online tool a few dozen times
against any site running the latest Apache and
https://bz.apache.org/bugzilla/show_bug.cgi?id=63052
--- Comment #2 from Joe Orton ---
Nice analysis, thanks. What OpenSSL version? Also can you work out what
thread 60 is doing, is it spinning inside OPENSSL_init_crypto() ?
--
You are receiving this mail because:
You are the assignee for
https://bz.apache.org/bugzilla/show_bug.cgi?id=63052
--- Comment #1 from mike bayer ---
OK yup a kind soul on twitter pointed me to the source of these requests and it
is https://www.ssllabs.com/ssltest/analyze.html, I hit my server with this and
it's that same IP number 64.41.200.103 and it
16 matches
Mail list logo
