[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: testing and review requested for Wheezy update of apache2


On Thursday, 23 February 2017 19:14:59 CET Jonas Meurer wrote:
> All right, then we should go for the update. Antoine, do you take care
> of it?

Great work and sorry that I did not have time to help you more.

In case it helps: For stable, I have suggested this text for the DSA to the 
security team:

* CVE-2016-8743: Apache httpd accepted a broad pattern of unusual
  whitespace patterns in HTTP requests. In some configurations, this
  could lead to response splitting or cache polution vulnerabilities.
  To fix these issues, this update makes Apache httpd be more strict in
  what HTTP requests it accepts.

  If this causes problems with non-conforming clients, some checks can
  be relaxed by adding the new directive 'HttpProtocolOptions unsafe'
  to the configuration.
  More information is available at


Reply to: