Hi, On Thursday, 23 February 2017 19:14:59 CET Jonas Meurer wrote: > All right, then we should go for the update. Antoine, do you take care > of it?
Great work and sorry that I did not have time to help you more. In case it helps: For stable, I have suggested this text for the DSA to the security team: * CVE-2016-8743: Apache httpd accepted a broad pattern of unusual whitespace patterns in HTTP requests. In some configurations, this could lead to response splitting or cache polution vulnerabilities. To fix these issues, this update makes Apache httpd be more strict in what HTTP requests it accepts. If this causes problems with non-conforming clients, some checks can be relaxed by adding the new directive 'HttpProtocolOptions unsafe' to the configuration. More information is available at http://httpd.apache.org/docs/2.4/mod/core.html#httpprotocoloptions Cheers, Stefan
