[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: PATCH: apache 1.3.24 chunk size thingy - cert_vucert944335_1.3.24

"SDiZ \(UHome\)" <sdiz@uhome.net> writes:

>> The German publish Heise claims that this patch does not fix the
>> vulnerability, see: 
>> 
>> http://www.heise.de/newsticker/data/pab-20.06.02-000/
>> 
>> But I hope this is an editorial error. :-/
>> 
>
> Do you means the one-line patch from ISS ?
> That patch don't work. 

Yes, that's known, of course.

> The one in apache offical 1.3.26 works.

The article above claims that only this one works, a previous version
explicitly claimed that the Debian fix was incorrect.

-- 
Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: