Steve Kemp wrote:
>
> Can I be the first to say that I don't understand the nature of this
> issue?

The description sounds reasonably straightforward, though I'd classify this as a vulnerability of pretty low importance, from a "will people be exploited by this" viewpoint.

> Is this also present in 2.0.54 which is the latest stable release?
> There's no mention of it in the changelog there..

It looks like it's in 2.0.54, and there's a backport in SVN for the 2.0.55 release, but the backport looks more like a massive feature backport, not just a small security patch, so I may look at if there's a way to fix this a bit less intrusively.

Actually, it's worth noting that we muck with Content-Length at another point, thanks to a Debian-specific patch, so we may accidentally not be vulnerable to this anyway. I'll follow the code around a little later today and see if that's the case.

... Adam