mailing list archives
Re: CVE request: apr - Hash DoS vulnerability
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 08 Feb 2012 17:08:06 -0700
On 02/08/2012 10:26 AM, Moritz Muehlenhoff wrote:
APR (Apache Portable Runtime) is affected by the hash collision DoS
class, please assign a CVE ID:
The upstream discussion can be found here:
Please use CVE-2012-0840 for this issue.
They posted a first attempt at a fix:
http://mail-archives.apache.org/mod_mbox/apr-commits/201201.mbox/%3C20120115003715.071D423888FD () eris apache org%3E
Reply about this commit:
r1231605 and r1231858 cause massive regressions and test case failures
so probably not the final fix.
If someone could reply to this with the final fix that'd be helpful.
Kurt Seifried Red Hat Security Response Team (SRT)