Posted to cvs@httpd.apache.org by rp...@apache.org on 2007/12/28 17:31:17 UTC
svn commit: r607283 - /httpd/httpd/branches/2.0.x/STATUS
Author: rpluem
Date: Fri Dec 28 08:31:17 2007
New Revision: 607283
URL: http://svn.apache.org/viewvc?rev=607283&view=rev
Log:
* Add two proposals.
Modified:
httpd/httpd/branches/2.0.x/STATUS
Modified: httpd/httpd/branches/2.0.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/STATUS?rev=607283&r1=607282&r2=607283&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/STATUS (original)
+++ httpd/httpd/branches/2.0.x/STATUS Fri Dec 28 08:31:17 2007
@@ -113,6 +113,24 @@
RELEASE SHOWSTOPPERS:
+ * Various modules: Add explicit charset to the output of various modules to
+ work around possible cross-site scripting flaws affecting web browsers that
+ do not derive the response character set as required by RFC2616.
+ Trunk version of patch:
+ http://svn.apache.org/viewvc?rev=606693&view=rev
+ http://svn.apache.org/viewvc?rev=607276&view=rev
+ Backport version for 2.2.x of patch:
+ http://people.apache.org/~rpluem/patches/utf7_fix_2.0.x.diff
+ +1: rpluem,
+
+ * mod_status: Ensure refresh parameter is numeric to prevent a possible XSS
+ attack caused by redirecting to other URLs.
+ Trunk version of patch:
+ http://svn.apache.org/viewvc?rev=607282&view=rev
+ Backport version for 2.2.x of patch:
+ http://awe.com/e8f6ad05238f8/CVE-2007-6388-httpd-2.x.patch
+ +1: rpluem,
+
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
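Review bot: Both new entries carry the label "Backport version for 2.2.x of patch:", but this is the 2.0.x branch STATUS and the first link is named utf7_fix_2.0.x.diff, so the label looks carried over from the 2.2.x file and should read "Backport version for 2.0.x of patch:". For the mod_status entry the linked file is named CVE-2007-6388-httpd-2.x.patch; it would help voters to state in the entry that it applies to 2.0.x as is, and to name the CVE in the entry text rather than only in the URL. The entries are also added under RELEASE SHOWSTOPPERS, while the context line below asks for new proposals to start under PATCHES PROPOSED and the log message says "Add two proposals"; if they are meant as showstoppers, the log message should say so.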