You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Andrew Ho <an...@tellme.com> on 2002/07/04 00:43:10 UTC
Re: Christopher Williamson: URGENT: Bug/compatability issue in
Apache 1.3.26
Hello,
Is there a patch for earlier versions of Apache that fix the chunked
Transfer-Encoding security hole, but nothing else? I know OpenBSD, for
example, has an Apache 1.3.24 in ports that has the chunked
Transfer-Encoding fixed. That would certainly be a good short term
solution for this guy--it doesn't sound like it's a good idea for him to
wait for 1.3.27!
Humbly,
Andrew
----------------------------------------------------------------------
Andrew Ho http://www.tellme.com/ andrew@tellme.com
Engineer info@tellme.com Voice 650-930-9062
Tellme Networks, Inc. 1-800-555-TELL Fax 650-930-9101
----------------------------------------------------------------------
Re: Christopher Williamson: URGENT: Bug/compatability issue in
Apache 1.3.26
Posted by Rasmus Lerdorf <ra...@apache.org>.
http://www.apache.org/dist/httpd/patches/ has patches for every released
version of Apache 1.2.x and 1.3.x
On Wed, 3 Jul 2002, Andrew Ho wrote:
> Hello,
>
> Is there a patch for earlier versions of Apache that fix the chunked
> Transfer-Encoding security hole, but nothing else? I know OpenBSD, for
> example, has an Apache 1.3.24 in ports that has the chunked
> Transfer-Encoding fixed. That would certainly be a good short term
> solution for this guy--it doesn't sound like it's a good idea for him to
> wait for 1.3.27!
>
> Humbly,
>
> Andrew
>
> ----------------------------------------------------------------------
> Andrew Ho http://www.tellme.com/ andrew@tellme.com
> Engineer info@tellme.com Voice 650-930-9062
> Tellme Networks, Inc. 1-800-555-TELL Fax 650-930-9101
> ----------------------------------------------------------------------
>