Posted to cvs@httpd.apache.org by co...@apache.org on 2015/03/02 19:24:26 UTC

svn commit: r1663389 - /httpd/httpd/branches/2.4.x/STATUS

Author: covener
Date: Mon Mar  2 18:24:25 2015
New Revision: 1663389

URL: http://svn.apache.org/r1663389
Log:
propose stack overflow in lua websockets

Modified:
    httpd/httpd/branches/2.4.x/STATUS

Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1663389&r1=1663388&r2=1663389&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Mon Mar  2 18:24:25 2015
@@ -257,6 +257,13 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
      2.4.x patch: trunk works (modulo CHANGES)
      ylavic: +1
 
+  *) SECURITY: CVE-2015-0228 (cve.mitre.org)
+     mod_lua: A maliciously crafted websockets PING after a script
+     calls r:wsupgrade() can cause a child process crash.
+     trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1657261
+     2.4.x patch: trunk works
+     Note: Technically CTR but it's a CVE.
+     covener: +1
 
 OTHER PROPOSALS
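
Review bot: the added entry's "2.4.x patch: trunk works" line does not say whether the CHANGES text for CVE-2015-0228 merges cleanly, whereas the entry just above it says "trunk works (modulo CHANGES)". Since this is a SECURITY item, state whether r1657261 carries the CHANGES entry or whether it has to be added by hand on 2.4.x. The description also gives only the impact ("can cause a child process crash"), while the commit log calls it a stack overflow; naming the cause in the entry would help voters judge the backport. The line "Note: Technically CTR but it's a CVE." would be clearer if it said outright that votes are being collected even though CTR applies.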