[411] in WWW Security List Archive
Re: CIAC Advisory F-11 Report: Unix NCSA httpd Vulnerability
daemon@ATHENA.MIT.EDU (Scott Powers)
Fri Feb 17 01:42:44 1995
From: spowers@shire.ncsa.uiuc.edu (Scott Powers)
To: www-security@ns2.rutgers.edu
Date: Thu, 16 Feb 1995 21:31:10 -0600 (CST)
In-Reply-To: <9502170221.AA07326@krypton.mcc.com> from "Doug Rosenthal" at Feb 16, 95 08:21:45 pm
Reply-To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
All this discussion and suggestion of patches is now pretty much moot since
Carlos Valera (the guy who _writes_ NCSA httpd) has posted the _fix_ in
patch form which does what substrfirst() is supposed to do in the first
place without using the tmp variable. In case you were not aware, this is
the official patch from NCSA.
Not meaning to be rude and not in any way implying that Carlos is
infallible, but instead of suggesting new patches, etc. Can we either drop
the whole thing or discuss what you think is wrong with the official patch
from NCSA?
Thanks,
Scott
--
+---------------------------------------------------------------------------+
|"Sorry, not tonite honey....I have a modem." --Anonymous |
+---------------------------------------------------------------------------+
|spowers@shire.ncsa.uiuc.edu |
|Scott W. Powers, Research Programmer at the Software Development Group, |
|National Center for Supercomputing Applications |
+---------------------------------------------------------------------------+
|Cyber Doors: http://shire.ncsa.uiuc.edu |
|Terminal Guidance (MUD): telnet shire.ncsa.uiuc.edu 6969 |
+---------------------------------------------------------------------------+
