You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by "William A. Rowe, Jr." <wr...@covalent.net> on 2001/05/10 06:10:25 UTC
Re: cvs commit: apache-1.3/src/os/os2 util_os2.c
> wrowe 01/05/09 21:07:58
>
> Modified: . STATUS
> src CHANGES
> src/os/win32 util_win32.c
> src/os/os2 util_os2.c
> Log:
> *) Correct a vulnerability in the Win32 and OS2 ports, by which a
> client submitting a carefully constructed URI could cause a GP
> (segment) fault in the child process, which would have to be
> cleared by the operator to resume operation. This vulnerability
> introduced no identified means to comprimize the server's data.
> Reported by Auriemma Luigi <ka...@genie.it>.
> [William Rowe, Brian Harvard]
>
> PR: 7522
>
> Revision Changes Path
> 1.936 +12 -19 apache-1.3/STATUS
>
> - 1.3.20-dev: Current version.
> + 1.3.20: In development - security exploit demands a release ASAP.
> + Will offers to RM, tag and roll 5/10 9:00pm PST.
Can I have a few +1's on tagging and rolling?
Re: cvs commit: apache-1.3/src/os/os2 util_os2.c
Posted by "William A. Rowe, Jr." <li...@rowe-clan.net>.
From: "Jeff Trawick" <tr...@bellsouth.net>
Sent: Thursday, May 10, 2001 6:57 AM
> > Can I have a few +1's on tagging and rolling?
>
> if I was sure I'd find time to play with 1.3 on Solaris, AIX, OS/390,
> and Tru64 today (5/10) to see about the *printf() changes...
Gotcha... keep us posted
> Has anyone played with HEAD on any of those platforms?
??? Come on folks, save this man some builds :-)
> Linux and FreeBSD are building fine, but I guess that is to be
> expected...
undoubtedly :-)
> (checking out 1.3 on Tru64 now)
thanks!
Re: cvs commit: apache-1.3/src/os/os2 util_os2.c
Posted by Jeff Trawick <tr...@bellsouth.net>.
"William A. Rowe, Jr." <wr...@covalent.net> writes:
> > wrowe 01/05/09 21:07:58
> >
> > Modified: . STATUS
> > src CHANGES
> > src/os/win32 util_win32.c
> > src/os/os2 util_os2.c
> > Log:
> > *) Correct a vulnerability in the Win32 and OS2 ports, by which a
> > client submitting a carefully constructed URI could cause a GP
> > (segment) fault in the child process, which would have to be
> > cleared by the operator to resume operation. This vulnerability
> > introduced no identified means to comprimize the server's data.
> > Reported by Auriemma Luigi <ka...@genie.it>.
> > [William Rowe, Brian Harvard]
> >
> > PR: 7522
> >
> > Revision Changes Path
> > 1.936 +12 -19 apache-1.3/STATUS
> >
> > - 1.3.20-dev: Current version.
> > + 1.3.20: In development - security exploit demands a release ASAP.
> > + Will offers to RM, tag and roll 5/10 9:00pm PST.
>
> Can I have a few +1's on tagging and rolling?
if I was sure I'd find time to play with 1.3 on Solaris, AIX, OS/390,
and Tru64 today (5/10) to see about the *printf() changes...
Has anyone played with HEAD on any of those platforms?
Linux and FreeBSD are building fine, but I guess that is to be
expected...
(checking out 1.3 on Tru64 now)
--
Jeff Trawick | trawickj@bellsouth.net | PGP public key at web site:
http://www.geocities.com/SiliconValley/Park/9289/
Born in Roswell... married an alien...