You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by co...@apache.org on 2014/07/26 17:21:16 UTC

svn commit: r1613655 - /httpd/httpd/branches/2.2.x/STATUS

Author: covener
Date: Sat Jul 26 15:21:16 2014
New Revision: 1613655

URL: http://svn.apache.org/r1613655
Log:
add a showstopper Jeff might have found on users@


Modified:
    httpd/httpd/branches/2.2.x/STATUS

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1613655&r1=1613654&r2=1613655&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Sat Jul 26 15:21:16 2014
@@ -95,6 +95,8 @@ CURRENT RELEASE NOTES:
 
 RELEASE SHOWSTOPPERS:
 
+  * Something like CVE-2014-0118 (zipbomb) + PROXYREQ_REVERSE + LimitRequestBody looks 
+    like it may be broken in 2.4.10.
 
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]