You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by jo...@apache.org on 2005/07/01 13:03:25 UTC

svn commit: r208744 - /httpd/httpd/branches/2.0.x/STATUS

Author: jorton
Date: Fri Jul  1 04:03:23 2005
New Revision: 208744

URL: http://svn.apache.org/viewcvs?rev=208744&view=rev
Log:
- add the appropriate patch to complete the fix for CAN-2005-2088
- random mod_proxy bugs are not showstoppers

Modified:
    httpd/httpd/branches/2.0.x/STATUS

Modified: httpd/httpd/branches/2.0.x/STATUS
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/STATUS?rev=208744&r1=208743&r2=208744&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/STATUS (original)
+++ httpd/httpd/branches/2.0.x/STATUS Fri Jul  1 04:03:23 2005
@@ -112,12 +112,13 @@
     * Various fixes to T-E and C-L processing from trunk
 
       + proxy HTTP - ignore C-L and disable keepalive to origin server
-        CAN-2005-2088
           http://people.apache.org/~trawick/20.te-cl.txt
-        +1: trawick
-
-    * proxy_http.c accepts TRACE with a body, violating RFC2616
+        +1: trawick, jorton
 
+      + core: strip C-L from any request with a T-E header
+          http://people.apache.org/~jorton/ap_tevscl.diff
+          (CVE CAN-2005-2088)
+        +1: jorton
 
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ please append new backports at the end of this list not the top. ]