You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jo...@apache.org on 2005/07/01 13:03:25 UTC
svn commit: r208744 - /httpd/httpd/branches/2.0.x/STATUS
Author: jorton
Date: Fri Jul 1 04:03:23 2005
New Revision: 208744
URL: http://svn.apache.org/viewcvs?rev=208744&view=rev
Log:
- add the appropriate patch to complete the fix for CAN-2005-2088
- random mod_proxy bugs are not showstoppers
Modified:
httpd/httpd/branches/2.0.x/STATUS
Modified: httpd/httpd/branches/2.0.x/STATUS
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/STATUS?rev=208744&r1=208743&r2=208744&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/STATUS (original)
+++ httpd/httpd/branches/2.0.x/STATUS Fri Jul 1 04:03:23 2005
@@ -112,12 +112,13 @@
* Various fixes to T-E and C-L processing from trunk
+ proxy HTTP - ignore C-L and disable keepalive to origin server
- CAN-2005-2088
http://people.apache.org/~trawick/20.te-cl.txt
- +1: trawick
-
- * proxy_http.c accepts TRACE with a body, violating RFC2616
+ +1: trawick, jorton
+ + core: strip C-L from any request with a T-E header
+ http://people.apache.org/~jorton/ap_tevscl.diff
+ (CVE CAN-2005-2088)
+ +1: jorton
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ please append new backports at the end of this list not the top. ]