You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ji...@apache.org on 2011/10/05 20:38:33 UTC
svn commit: r1179373 - /httpd/httpd/branches/2.2.x/STATUS
Author: jim
Date: Wed Oct 5 18:38:32 2011
New Revision: 1179373
URL: http://svn.apache.org/viewvc?rev=1179373&view=rev
Log:
Add patch... both backport and showstopper.
Modified:
httpd/httpd/branches/2.2.x/STATUS
Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1179373&r1=1179372&r2=1179373&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Wed Oct 5 18:38:32 2011
@@ -89,7 +89,11 @@ CURRENT RELEASE NOTES:
RELEASE SHOWSTOPPERS:
-
+ * SECURITY (CVE-2011-3368): Prevent unintended pattern expansion in some
+ reverse proxy configurations by strictly validating the request-URI.
+ Trunk patch: http://svn.apache.org/viewvc?rev=1179239&view=rev
+ 2.2.x patch: http://www.apache.org/dist/httpd/patches/apply_to_2.2.21/CVE-2011-3368.patch
+ +1:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]