Posted to cvs@httpd.apache.org by co...@apache.org on 2015/03/02 19:24:26 UTC
svn commit: r1663389 - /httpd/httpd/branches/2.4.x/STATUS
Author: covener
Date: Mon Mar 2 18:24:25 2015
New Revision: 1663389
URL: http://svn.apache.org/r1663389
Log:
propose stack overflow in lua websockets
Modified:
httpd/httpd/branches/2.4.x/STATUS
Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1663389&r1=1663388&r2=1663389&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Mon Mar 2 18:24:25 2015
@@ -257,6 +257,13 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
2.4.x patch: trunk works (modulo CHANGES)
ylavic: +1
+ *) SECURITY: CVE-2015-0228 (cve.mitre.org)
+ mod_lua: A maliciously crafted websockets PING after a script
+ calls r:wsupgrade() can cause a child process crash.
+ trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1657261
+ 2.4.x patch: trunk works
+ Note: Technically CTR but it's a CVE.
+ covener: +1
OTHER PROPOSALS
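Review bot: The added entry's "2.4.x patch: trunk works" line does not say whether CHANGES needs separate handling, while the entry just above it is marked "trunk works (modulo CHANGES)"; for a SECURITY item it would help to state this explicitly. The commit log calls the issue a stack overflow, but the entry text only says "can cause a child process crash"; naming the fault class in the description would make the two agree. The note "Technically CTR but it's a CVE" sits under PATCHES PROPOSED TO BACKPORT with a single +1, so consider saying in the note whether further votes are being awaited before the backport.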