oss-sec mailing list archives
Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overflow
From: Seth Arnold <seth.arnold () canonical com>
Date: Mon, 10 Aug 2020 22:29:35 +0000
On Sat, Aug 08, 2020 at 07:21:35AM -0500, Daniel Ruggeri wrote:
> You're correct. That was an error on our part. We try to double check this data (since sometimes we burn a release number as we test the candidate) and things can get out of sync. I have it in my personal TODO list to add some tooling around automating this particular part of the release management process. I've fixed this in a recent patch and the site should now show the correct data - many thanks for the correction
Hello Daniel, thanks for the fixes, this is a lot more clear to me now. Quite a lot of my confusion came from not knowing that some releases were versioned but not released -- suddenly quite a lot more makes sense.
> > The headings are out of order:
> No problem - I thought about this as I was putting together the announcement but didn't adjust it at the time. I've fixed this as well
Thanks -- I know how it goes, there's always something somewhere that needs to be fixed.
> > And, something is a bit off with the CURRENT-IS-$version markers:
> > $ curl -sq https://archive.apache.org/dist/httpd/ | grep -c CURRENT
> > 47
> I can see how that appears odd. This URL is our archive distribution point, so anything we release to the formal distribution point will be added here automatically to preserve history. It's best to use the current distribution point: https://dist.apache.org/repos/dist/release/httpd/
Aha! And this explains the duplicates. It's nice to know it's intentional.
> Thanks for taking the time to provide feedback! Have a great weekend
Thanks for the quick fixes :)