Re: Embedded SQL vulnerability

From Doug McNaught
Subject Re: Embedded SQL vulnerability
Date
Msg-id m3elprsqmf.fsf@belphigor.mcnaught.org
In response to Embedded SQL vulnerability  (Glen Eustace <geustace@godzone.net.nz>)
Responses Re: Embedded SQL vulnerability  (Glen Eustace <geustace@godzone.net.nz>)
List pgsql-general
Glen Eustace <geustace@godzone.net.nz> writes:

> Has anyone added anything into the client library along the lines of the
> suggestion made in
>
> http://cert.uni-stuttgart.de/advisories/apache_auth.php
>
> I have just upgraded to 7.1.3 on RH7.1, I wasn't going to bother with the
> source.  But we do use our database for authentication and consequently are
> vulnerable.

A patch did go in just recently, but didn't make it into 7.1.3.

You can always do the escaping yourself--the patch just makes the
escape call available in the library; it doesn't automatically fix
your code.

-Doug
--
Free Dmitry Sklyarov!
http://www.freesklyarov.org/

We will return to our regularly scheduled signature shortly.
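
Added example, not part of the original message and not PostgreSQL's own code: a minimal C sketch of "doing the escaping yourself" before a user name is placed in an authentication lookup. The helper names, the `users`/`name`/`passwd` schema and the sample inputs are constructed for illustration; it assumes a single-byte or UTF-8 client encoding and backslash-escape string literals.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a libpq function): copy src into dst so it is
 * safe inside a single-quoted SQL literal, doubling ' and \.
 * Returns the escaped length, or -1 if dst is too small. */
static int sql_escape_literal(char *dst, size_t dstlen, const char *src)
{
    size_t o = 0;
    for (; *src; src++) {
        int special = (*src == '\'' || *src == '\\');
        if (o + (special ? 2 : 1) >= dstlen)
            return -1;          /* fail closed instead of truncating */
        if (special)
            dst[o++] = *src;    /* emit the character twice */
        dst[o++] = *src;
    }
    dst[o] = '\0';
    return (int)o;
}

/* Build the lookup an auth module might run; schema names are assumed. */
static int build_auth_query(char *q, size_t qlen, const char *user)
{
    char esc[128];
    if (sql_escape_literal(esc, sizeof esc, user) < 0)
        return -1;              /* over-long input: reject the login */
    int n = snprintf(q, qlen,
                     "SELECT passwd FROM users WHERE name = '%s'", esc);
    return (n < 0 || (size_t)n >= qlen) ? -1 : n;
}

int main(void)
{
    char q[256];
    /* Constructed sample inputs: plain, embedded quote, backslash+quote. */
    const char *samples[] = { "glen", "o'brien", "back\\slash'quote" };
    for (size_t i = 0; i < 3; i++)
        if (build_auth_query(q, sizeof q, samples[i]) >= 0)
            puts(q);
    return 0;
}
```

Where the installed libpq provides them, `PQescapeStringConn` or a parameterized `PQexecParams` call is preferable to a hand-written escaper, since the library knows the connection's encoding and string-literal settings.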
