On Fri, Dec 30, 2022 at 11:04:46AM +0100, Tobias Frost wrote:
> I was trying to triage this CVE and *maybe* those revisions are related:
> 
> r1894937 ("apreq_parse_headers: Discard CRLF of folded values.")
> r1894940 ("reindent (no functional change).") 
> r1894977 ("Follow up to r1894937: Fix setting of empty value.")
> r1895054 ("Follow up to r1894937: Always eat CRLF at the end of header value.")

Perhaps it's best to remove libapreq2 entirely? I don't use or maintain it
anymore, it's been out of testing for a while, and there's this CVE.

/* Steinar */
-- 
Homepage: https://www.sesse.net/
