You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Sam <ss...@yahoo.com> on 2003/01/16 19:03:44 UTC
[Q] Where was vulnerability fixed?
http://online.securityfocus.com/archive/1/302169/2002-12-03/2002-12-09/2
This vulnerability was reported last month. The report
says mod_jk 1.2.1 as fixing the vulnerability.
Yet I have searched Bugzilla for reference to this vuln.
as well as looking at mod_jk.c to see what revision was
changed, but I have not been able to locate this change.
Can anyone shed some light as to whether this vuln. was fixed
or not, and if so, and what source file(s) were changed?
I cannot seem to find it.
Thanks,
Sam
__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: [Q] Where was vulnerability fixed?
Posted by Sam <ss...@yahoo.com>.
Thanks. I was specifically looking for the file that contained
the delta. Eventually I found it in jk_ajp_common.c rev 1.33.
-Sam
--- Henri Gomez <hg...@apache.org> wrote:
> Sam wrote:
> > http://online.securityfocus.com/archive/1/302169/2002-12-03/2002-12-09/2
> >
> > This vulnerability was reported last month. The report
> > says mod_jk 1.2.1 as fixing the vulnerability.
> > Yet I have searched Bugzilla for reference to this vuln.
> > as well as looking at mod_jk.c to see what revision was
> > changed, but I have not been able to locate this change.
> >
> > Can anyone shed some light as to whether this vuln. was fixed
> > or not, and if so, and what source file(s) were changed?
> > I cannot seem to find it.
>
> jk 1.2.1 should have fixed this, and we're today at jk 1.2.2 release.
>
>
>
> --
> To unsubscribe, e-mail: <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
>
__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: [Q] Where was vulnerability fixed?
Posted by Henri Gomez <hg...@apache.org>.
Sam wrote:
> http://online.securityfocus.com/archive/1/302169/2002-12-03/2002-12-09/2
>
> This vulnerability was reported last month. The report
> says mod_jk 1.2.1 as fixing the vulnerability.
> Yet I have searched Bugzilla for reference to this vuln.
> as well as looking at mod_jk.c to see what revision was
> changed, but I have not been able to locate this change.
>
> Can anyone shed some light as to whether this vuln. was fixed
> or not, and if so, and what source file(s) were changed?
> I cannot seem to find it.
jk 1.2.1 should have fixed this, and we're today at jk 1.2.2 release.
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>