You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by co...@apache.org on 2015/03/05 03:34:42 UTC

svn commit: r1664207 - /httpd/httpd/branches/2.4.x/STATUS

Author: covener
Date: Thu Mar  5 02:34:42 2015
New Revision: 1664207

URL: http://svn.apache.org/r1664207
Log:
propose errordoc 400 CVE, switch another vote syntax

Modified:
    httpd/httpd/branches/2.4.x/STATUS

Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1664207&r1=1664206&r2=1664207&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Thu Mar  5 02:34:42 2015
@@ -255,8 +255,15 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
      sized 664 byte array per merge to a hash table.
      trunk patch: http://svn.apache.org/r1661448
      2.4.x patch: http://people.apache.org/~minfrin/httpd-core-errordocument24-3.patch
-     minfrin: +1
+     +1: minfrin
 
+  *) SECURITY: CVE-2015-0253 (cve.mitre.org)
+     core: Fix a crash introduced in with ErrorDocument 400 pointing
+     to a local URL-path with the INCLUDES filter active, introduced
+     in 2.4.11. PR 57531. [Yann Ylavic]
+     trunk patch: http://svn.apache.org/r1664205
+     2.4.x patch: trunk works
+     +1 covener
 
 OTHER PROPOSALS