Re: libwww security advisory

Jose Kahan wrote:

>[1] is the advisory. [2] gives a patch. There's also a mention
>of other patches to fix other problems. 
>
Ya, I have now read the advisory and the bugzilla entry and am reviewing 
Sam's new code for HTBound.c . . . It should not be a problem to include 
it with appropriate revisions to the Changelog file for a new release. 

I am resetting my account with the Redhat Bugzilla in order to make an 
appropriate comment there.  It would also be prudent to do a report of 
libwww bugs reported there to see if anything else pops up.

>I don't believe they tried to contribute them to the www-lib mailing list, though.
>  
>
Yea, I watch the list and have not seen it.  Posts with code or diffs 
get applied fairly quickly . . .

more,
l8r,
v

>1. http://secunia.com/advisories/17119/
>2. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159597
>  
>

-- 
"The future is here. It's just not evenly distributed yet."
 -- William Gibson, quoted by Whitfield Diffie

[3] Received on Friday, 14 October 2005 12:38:09 UTC