subject:"CVE\-2011\-3607, int overflow ap

Re: CVE-2011-3607, int overflow ap_pregsub()

2011-12-22 Thread Stefan Fritsch

On Wed, 21 Dec 2011, Greg Ames wrote: On Tue, Dec 20, 2011 at 4:26 AM, William A. Rowe Jr. wrote: We should come to a conclusion on this. How about this for 2.2.x ? --- server/util.c (revision 1179624) +++ server/util.c (working copy) @@ -82,6 +82,8 @@ #define IS_SLASH(s) (s ==

Re: CVE-2011-3607, int overflow ap_pregsub()

2011-12-21 Thread Rüdiger Plüm

Am 21.12.2011 20:08, schrieb Greg Ames: On Tue, Dec 20, 2011 at 4:26 AM, William A. Rowe Jr. wrote: We should come to a conclusion on this. How about this for 2.2.x ? --- server/util.c (revision 1179624) +++ server/util.c (working copy) @@ -82,6 +82,8 @@ #define IS_SLASH(s)

Re: CVE-2011-3607, int overflow ap_pregsub()

2011-12-21 Thread Guenter Knauf

Am 21.12.2011 23:28, schrieb Guenter Knauf: Am 21.12.2011 20:08, schrieb Greg Ames: On Tue, Dec 20, 2011 at 4:26 AM, William A. Rowe Jr. wrote: We should come to a conclusion on this. How about this for 2.2.x ? --- server/util.c (revision 1179624) +++ server/util.c (working copy) @@ -82,6 +

Re: CVE-2011-3607, int overflow ap_pregsub()

2011-12-21 Thread Guenter Knauf

Am 21.12.2011 20:08, schrieb Greg Ames: On Tue, Dec 20, 2011 at 4:26 AM, William A. Rowe Jr. wrote: We should come to a conclusion on this. How about this for 2.2.x ? --- server/util.c (revision 1179624) +++ server/util.c (working copy) @@ -82,6 +82,8 @@ #define IS_SLASH(s) (s

Re: CVE-2011-3607, int overflow ap_pregsub()

2011-12-21 Thread Greg Ames

On Tue, Dec 20, 2011 at 4:26 AM, William A. Rowe Jr. wrote: > We should come to a conclusion on this. How about this for 2.2.x ? --- server/util.c (revision 1179624) +++ server/util.c (working copy) @@ -82,6 +82,8 @@ #define IS_SLASH(s) (s == '/') #endif +/* same as APR_SIZE_MAX w

Re: CVE-2011-3607, int overflow ap_pregsub()

2011-12-20 Thread William A. Rowe Jr.

; behaviour to 2.2.x. > > Regards > > Rüdiger > >> -Original Message- >> From: Roman Drahtmueller [mailto:dr...@suse.de] >> Sent: Dienstag, 15. November 2011 15:13 >> To: dev@httpd.apache.org >> Subject: CVE-2011-3607, int overflow ap_pregsub() >

RE: CVE-2011-3607, int overflow ap_pregsub()

2011-11-15 Thread Plüm, Rüdiger, VF-Group

bject: CVE-2011-3607, int overflow ap_pregsub() > > Hi there, > > Revision 1198940 attempts to fix an integer overflow in > ap_pregsub() in > server/util.c:394. The patch is: > > --- httpd/httpd/trunk/server/util.c 2011/11/07 21:09:41 1198939 > +++ httpd/httpd

CVE-2011-3607, int overflow ap_pregsub()

2011-11-15 Thread Roman Drahtmueller

Hi there, Revision 1198940 attempts to fix an integer overflow in ap_pregsub() in server/util.c:394. The patch is: --- httpd/httpd/trunk/server/util.c 2011/11/07 21:09:41 1198939 +++ httpd/httpd/trunk/server/util.c 2011/11/07 21:13:40 1198940 @@ -411,6 +411,8 @@ len+

Re: CVE-2011-3607, int overflow ap_pregsub()

Re: CVE-2011-3607, int overflow ap_pregsub()

Re: CVE-2011-3607, int overflow ap_pregsub()

Re: CVE-2011-3607, int overflow ap_pregsub()

Re: CVE-2011-3607, int overflow ap_pregsub()

Re: CVE-2011-3607, int overflow ap_pregsub()

RE: CVE-2011-3607, int overflow ap_pregsub()

CVE-2011-3607, int overflow ap_pregsub()

8 matches

Site Navigation

Mail list logo

Footer information