You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Jeff Trawick <tr...@gmail.com> on 2010/03/10 14:24:32 UTC
[nudge] we should finish cleaning up the 2.0.x vulnerability
backports soon
* Commit /dist/httpd/patches/apply_to_2.0.63/CVE-2008-2364-patch-2.0.txt:
SECURITY: CVE-2008-2364 (cve.mitre.org)
mod_proxy_http: Better handling of excessive interim responses
from origin server to prevent potential denial of service and high
memory usage.
+1: trawick, wrowe
* Commit http://people.apache.org/~wrowe/CVE-2010-0434.patch
SECURITY: CVE-2010-0434 (cve.mitre.org)
note; simpler because we had not yet cleaned up input headers for subreq
+1: wrowe, trawick
trawick: remember to post to apply_to_2.0.63 when approved