Re: Apache's mod_remoteip: IP address spoofing via X-Forwarded-For when mod_rewrite rule is triggered
Hi Utkarsh et al.,
> Unless there's a CVE assigned for this, should I really be fixing it
> and announcing the update?
This might be conflating cause and effect. Let me ask a question in
return - did you consider applying for a CVE? If we cannot justify
applying for one on grounds of severity then by that very fact it
won't be worth fixing in Jessie LTS.
(Getting a CVE is somewhat easier than you think and my first CVE
I was assigned was actually a nice little badge of honour.)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org 🍥 chris-lamb.co.uk
`-