Re: testing and review requested for Wheezy update of apache2
On Thursday, 23 February 2017 19:14:59 CET Jonas Meurer wrote:
> All right, then we should go for the update. Antoine, do you take care
> of it?
Great work and sorry that I did not have time to help you more.
In case it helps: For stable, I have suggested this text for the DSA to the
* CVE-2016-8743: Apache httpd accepted a broad pattern of unusual
whitespace patterns in HTTP requests. In some configurations, this
could lead to response splitting or cache pollution vulnerabilities.
To fix these issues, this update makes Apache httpd be more strict in
what HTTP requests it accepts.
If this causes problems with non-conforming clients, some checks can
be relaxed by adding the new directive 'HttpProtocolOptions unsafe'
to the configuration.
More information is available at