W3C home > Mailing lists > Public > www-lib@w3.org > October to December 2005

Re: libwww security advisory

From: Vic Bancroft <bancroft@america.net>
Date: Fri, 14 Oct 2005 08:38:03 -0400
Message-ID: <434FA6AB.4070301@america.net>
To: jose.kahan@w3.org, Sam Varshavchik <mrsam@courier-mta.com>, Harald Hoyer <harald@redhat.com>
CC: www-lib@w3.org

Jose Kahan wrote:

>[1] is the advisory. [2] gives a patch. There's also a mention
>of other patches to fix other problems. 
>
Ya, I have now read the advisory and the bugzilla entry and am reviewing 
Sam's new code for HTBound.c . . . It should not be a problem to include 
it with appropriate revisions to the Changelog file for a new release. 

I am resetting my account with the Redhat Bugzilla in order to make an 
appropriate comment there.  It would also be prudent to do a report of 
libwww bugs reported there to see if anything else pops up.

>I don't believe they tried to contribute them to the www-lib mailing list, though.
>  
>
Yea, I watch the list and have not seen it.  Posts with code or diffs 
get applied fairly quickly . . .

more,
l8r,
v

>1. http://secunia.com/advisories/17119/
>2. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159597
>  
>

-- 
"The future is here. It's just not evenly distributed yet."
 -- William Gibson, quoted by Whitfield Diffie

[3] https://bugzilla.redhat.com/bugzilla/report.cgi?query_format=report-table&short_desc_type=allwordssubstr&short_desc=&product=Bugzilla&product=eCos&product=Fedora+Core&product=Fedora+Directory+Server&product=Fedora+Documentation&product=Fedora+Extras&product=Fedora+Infrastructure&product=Fedora+Legacy&product=Fedora+Management+Console&product=Red+Hat+Academy&product=Red+Hat+Application+Server&product=Red+Hat+Application+Server+Public+Beta&product=Red+Hat+Cluster+Suite&product=Red+Hat+Collaboration+Applications&product=Red+Hat+Contrib%7CNet&product=Red+Hat+Database&product=Red+Hat+Developer+Program&product=Red+Hat+Developer+Suite&product=Red+Hat+Enterprise+CMS&product=Red+Hat+Enterprise+Linux&product=Red+Hat+Enterprise+Linux+Public+Beta&product=Red+Hat+Enterprise+Portal+Server&product=Red+Hat+High+Availability+Server&product=Red+Hat+Linux&product=Red+Hat+Linux+Beta&product=Red+Hat+Network&product=Red+Hat+Powertools&product=Red+Hat+Powertools+Public+Beta&product=Red+Hat+Public+Beta&product=Red+Hat+Raw+Hide&product=Red+Hat+Ready+Certification+Tests&product=Red+Hat+Secure+Web+Server&product=Red+Hat+Web+Application+Framework&product=Red+Hat+Web+Site&product=Source-Navigator&product=Stronghold+4.0+for+Red+Hat+Advanced+Server&product=Stronghold+Cross+Platform&product=Stronghold+for+Red+Hat+Linux&version=%28fedora.us%29+1&version=%28fedora.us%29+2&version=%28fedora.us%29+RH9&version=1.0&version=1.0-beta1&version=1.0-beta2&version=1.1&version=1.2&version=1.2.1&version=1.2.10&version=1.2.2&version=1.2.3&version=1.2.4&version=1.2.5&version=1.2.6&version=1.2.7&version=1.2.8&version=1.2.9&version=1.3.1&version=1.3.10&version=1.3.11&version=1.3.12&version=1.3.13&version=1.3.14&version=1.3.15&version=1.3.2&version=1.3.3&version=1.3.4&version=1.3.5&version=1.3.6&version=1.3.7&version=1.3.8&version=1.3.9&version=1.4.1&version=1.4.2&version=1.4.3&version=1.4.4&version=1.4.5&version=1.4.6&version=1.4.7&version=1.4.8&version=1.4.9&version=1.5&version=1.5.1&version=1.5.2&version=1.5.3&version=1.5.4&version=1.5.5&version=1.6&version=1.7&version=1.8&version=2&version=2.0&version=2.0+beta+1&version=2.0-beta&version=2.1&version=2.15&version=2.17&version=2.18&version=2.1AS&version=2.1DE&version=2.1ES&version=2.1r&version=2.1rC&version=2.1WS&version=2.2&version=2.8&version=3&version=3.0&version=3.1&version=3.2&version=4&version=4.0&version=4.2&version=4.5.1&version=5.0&version=5.1&version=5.2&version=6.0&version=6.1&version=6.1.90&version=6.1.91&version=6.2&version=6.2EE&version=6.2J&version=7.0&version=7.0J&version=7.0tc&version=7.1&version=7.1k&version=7.2&version=7.2c-RC1&version=7.3&version=8.0&version=9&version=alpha+1&version=alpha+2&version=alpha+3&version=AS-beta1&version=AS-beta2&version=AS-beta3&version=beta&version=beta1&version=beta2&version=beta3&version=beta4&version=beta5&version=core1&version=current&version=CVS&version=devel&version=fc1&version=fc2&version=fc3&version=fc3test1&version=fc3test2&version=fc3test3&version=fc4&version=fc4test1&version=fc4test2&version=fc4test3&version=fisher&version=GinGin64&version=limbo&version=nightly&version=null&version=pensacola&version=phoebe&version=prebeta&version=Q1+Errata+Beta&version=Q2+Errata+Beta&version=Q3+Errata+Beta&version=RC1&version=RC2&version=RC3&version=rhel21-update&version=rhel3-update&version=rhel4-beta1&version=rhel4-beta2&version=rhel4-rc1&version=rhel4-update&version=rhl7.3&version=rhl9&version=RHN+Devel&version=RHN+Stable&version=rhn250&version=rhn260&version=rhn260e&version=rhn270&version=rhn280&version=rhn290&version=rhn300&version=rhn310&version=rhn320&version=rhn330&version=rhn340&version=rhn350&version=rhn360&version=rhn370&version=rhn400&version=rhn410&version=roswell&version=skipjack-beta1&version=skipjack-beta2&version=test1&version=test2&version=test3&version=unspecified&version=wolverine&component=w3c-libwww&component_text=&query_format=report-table&bug_status=NEW&bug_status=VERIFIED&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=RESOLVED&bug_status=CLOSED&bug_status=NEEDINFO&bug_status=MODIFIED&bug_status=ASSIGN_TO_PM&bug_status=INVESTIGATE&bug_status=SPEC&bug_status=ON_DEV&bug_status=QA_READY&bug_status=ON_QA&bug_status=PROD_READY&bug_status=FAILS_QA&bug_status=UNCONFIRMED&bug_status=NEEDINFO_REPORTER&bug_status=NEEDINFO_PM&bug_status=NEEDINFO_ENG&bug_status=PASSES_QA&bug_status=RELEASE_PENDING&bug_status=NEEDINFO_QA
Received on Friday, 14 October 2005 12:38:09 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 23 April 2007 18:18:45 GMT