Re: libwww security advisory from Vic Bancroft on 2005-10-14 (www-lib@w3.org from October to December 2005)

From: Vic Bancroft <bancroft@america.net>
Date: Fri, 14 Oct 2005 08:38:03 -0400
To: jose.kahan@w3.org, Sam Varshavchik <mrsam@courier-mta.com>, Harald Hoyer <harald@redhat.com>
CC: www-lib@w3.org
Message-ID: <434FA6AB.4070301@america.net>

Jose Kahan wrote:

>[1] is the advisory. [2] gives a patch. There's also a mention
>of other patches to fix other problems. 
>
Ya, I have now read the advisory and the bugzilla entry and am reviewing 
Sam's new code for HTBound.c . . . It should not be a problem to include 
it with appropriate revisions to the Changelog file for a new release. 

I am resetting my account with the Redhat Bugzilla in order to make an 
appropriate comment there.  It would also be prudent to do a report of 
libwww bugs reported there to see if anything else pops up.

>I don't believe they tried to contribute them to the www-lib mailing list, though.
>  
>
Yea, I watch the list and have not seen it.  Posts with code or diffs 
get applied fairly quickly . . .

more,
l8r,
v

>1. http://secunia.com/advisories/17119/
>2. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159597
>  
>

-- 
"The future is here. It's just not evenly distributed yet."
 -- William Gibson, quoted by Whitfield Diffie

[3] Received on Friday, 14 October 2005 12:38:09 UTC