libwww security advisory from Jose Kahan on 2005-10-14 (www-lib@w3.org from October to December 2005)

From: Jose Kahan <jose.kahan@w3.org>
Date: Fri, 14 Oct 2005 11:00:00 +0200
To: Vic Bancroft <bancroft@america.net>
Cc: www-lib@w3.org
Message-ID: <20051014090000.GA9323@rakahanga.inrialpes.fr>

Hi Vic,

Have you seen this security advisory about a DoS problem in libwww?
As the current release has that problem, maybe we should remove it
and put in a new one, that includes all your code. 

However. one thing that bothers me in making a new release is that
the Changelog has not been updated. Its purpose was to log all the
changes done to the libwww tree. Without it, there's no way of documenting
what changes people should expect between the two versions. Maybe you have
documented them elsewhere?

-jose

1. http://secunia.com/advisories/17119/
2. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159597

Received on Friday, 14 October 2005 09:00:08 UTC