[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [d-security] Re: Apache chunk handling vulnerability and Apache 1.3.24-3

Christian Hammers wrote:

> On Sat, Jun 22, 2002 at 11:50:10PM -0700, Jamie Heilman wrote:
> > its not just mod_proxy, apache was vulnerable regardless
> BTW: in the case that mod_proxy is not loaded: is it enough to just 
> backport the get_chunk_size function from http_protocol.c (like in the 
> file debian/patches/cert_vucert944335) to earlier versions to fix the 
> vulnerability or is there more?

I would say yes, in the case where mod_proxy isn't loaded.

-- 
Jamie Heilman                   http://audible.transient.net/~jamie/
"...thats the metaphorical equivalent of flopping your wedding tackle 
 into a lion's mouth and flicking his lovespuds with a wet towel, pure 
 insanity..."						-Rimmer


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: