Hello, On Mon 19 May 2025 at 11:14am +01, Sean Whitton wrote:
> I note that Ubuntu decided to go ahead and upload the fix without the > tests. One other possibility is that we use (only) the reporter's > exploit PoC to test this instead, but that's less good for LTS & ELTS > because it's completely manual. > > If you don't have time to look at this soon then I'll see about getting > the PoC to compile. Let me know. Thanks! I was able to compile it but it doesn't reproduce the issue. The PoC never sends any Authorization header. I think I need somebody else's opinion on whether to proceed with the fix without backporting the tests. -- Sean Whitton
signature.asc
Description: PGP signature
