Hi Sergei, On Wed, 13 Dec 2017, Sergei Golovan wrote: > > I tried to backport the patch from version 18 for the version that we have > > in wheezy. The resulting patch is attached. I'm not quite sure that the > > patch is correct. > > > > Can you review it and test it? > > I've tested unpatched version (it's vunerable indeed), and then with your > patch, > and I confirm that it fixes the bug. I used the YAWS web-server with > HTTPS enabled and https://github.com/robotattackorg/robot-detect as a > client for testing. > > So I think you can use your patch as is.
Great, thanks for your help! I'll upload the package and release DLA-1207-1 in a few minutes. Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: https://www.freexian.com/services/debian-lts.html Learn to master Debian: https://debian-handbook.info/get/