You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by jo...@apache.org on 2009/07/03 11:53:03 UTC

svn commit: r790840 - /httpd/httpd/branches/2.2.x/STATUS

Author: jorton
Date: Fri Jul  3 09:53:03 2009
New Revision: 790840

URL: http://svn.apache.org/viewvc?rev=790840&view=rev
Log:
Propose fixes for the mod_deflate DoS.

Modified:
    httpd/httpd/branches/2.2.x/STATUS

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=790840&r1=790839&r2=790840&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Fri Jul  3 09:53:03 2009
@@ -90,6 +90,18 @@
        http://svn.apache.org/viewvc?view=rev&revision=790587
    +1: rpluem
 
+ * SECURITY: CVE-2009-1891 (cve.mitre.org)
+   Fix a potential Denial-of-Service attack against mod_deflate or
+   other modules, by forcing the server to consume CPU time in
+   compressing a large file after a client disconnects.
+   2.2.x patches:
+     http://people.apache.org/~jorton/CVE-2009-1891.1.diff
+     http://people.apache.org/~jorton/CVE-2009-1891.2.diff
+   Trunk version of patch:
+     #1 folded in during core output filter refactoring
+     #2 http://svn.apache.org/viewvc?view=rev&revision=521681
+   +1: jorton
+
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]