From owner-freebsd-security  Tue Aug 11 16:51:30 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA01861
          for freebsd-security-outgoing; Tue, 11 Aug 1998 16:51:30 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from redfish.go2net.com (redfish.go2net.com [207.178.55.5])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id QAA01856
          for <security@freebsd.org>; Tue, 11 Aug 1998 16:51:28 -0700 (PDT)
          (envelope-from marcs@go2net.com)
Received: from marcs by redfish.go2net.com with smtp (Exim 1.82 #2)
	id 0z6O9e-0007PW-00; Tue, 11 Aug 1998 16:48:38 -0700
Date: Tue, 11 Aug 1998 16:48:38 -0700 (PDT)
From: Marc Slemko <marcs@znep.com>
X-Sender: marcs@redfish
To: Andrew McNaughton <andrew@squiz.co.nz>
cc: Brett Glass <brett@lariat.org>, security@FreeBSD.ORG
Subject: Re: DOS exploit in Apache
In-Reply-To: <Pine.BSF.3.96.980812111249.16956B-100000@aniwa.sky>
Message-ID: <Pine.GSO.4.00.9808111646070.19881-100000@redfish>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 12 Aug 1998, Andrew McNaughton wrote:

> An unofficial source patch came out on Bugtraq.  Can someone point me to
> the official one?

There is no official patch available at this time.  When there is, it will
be announced on bugtraq I guess and available at
http://www.apache.org/dist/patches/apply_to_1.3.1/

There are some larger issues involved with doing a proper fix and getting
a proper fix is more important than getting a release out within hours
with a quick patch (which would have been easy to do) then having to deal
with any problems with it, and make a new one anyway later.

The patch Ben Laurie posted to bugtraq is fine as a temporary patch.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message