Re: PATCH: apache 1.3.24 chunk size thingy - cert_vucert944335_1.3.24
"SDiZ \(UHome\)" <sdiz@uhome.net> writes:
>> The German publish Heise claims that this patch does not fix the
>> vulnerability, see:
>>
>> http://www.heise.de/newsticker/data/pab-20.06.02-000/
>>
>> But I hope this is an editorial error. :-/
>>
>
> Do you means the one-line patch from ISS ?
> That patch don't work.
Yes, that's known, of course.
> The one in apache offical 1.3.26 works.
The article above claims that only this one works, a previous version
explicitly claimed that the Debian fix was incorrect.
--
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: