You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by co...@apache.org on 2007/08/06 19:42:13 UTC

svn commit: r563203 - /httpd/httpd/branches/2.0.x/STATUS

Author: covener
Date: Mon Aug  6 10:42:12 2007
New Revision: 563203

URL: http://svn.apache.org/viewvc?view=rev&rev=563203
Log:
propose CVE-2007-3847 for backport


Modified:
    httpd/httpd/branches/2.0.x/STATUS

Modified: httpd/httpd/branches/2.0.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/STATUS?view=diff&rev=563203&r1=563202&r2=563203
==============================================================================
--- httpd/httpd/branches/2.0.x/STATUS (original)
+++ httpd/httpd/branches/2.0.x/STATUS Mon Aug  6 10:42:12 2007
@@ -142,6 +142,14 @@
          http://svn.apache.org/viewcvs.cgi?rev=102870&view=rev
        +1: wrowe, colm
 
+    *) SECURITY: CVE-2007-3847
+       mod_proxy: Prevent reading past the end of a buffer when parsing
+       date-related headers.  PR 41144.
+         2.2.x: http://svn.apache.org/viewvc?view=rev&revision=563198
+         2.0.x: http://people.apache.org/~covener/proxy-util-20x.patch
+            (Same as 2.2 but removed lines have hard tabs)
+       +1: covener
+
 PATCHES TO BACKPORT THAT ARE ON HOLD OR NOT GOING ANYWHERE SOON:
 
     *) mod_headers: Support {...}s tag for SSL variable lookup.