You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by tr...@apache.org on 2010/06/14 21:53:55 UTC
svn commit: r139 - in /release/httpd/patches:
apply_to_2.2.15/CVE-2010-2068-r953616.patch
apply_to_2.3.5/CVE-2010-2068-r953418.patch
Author: trawick
Date: Mon Jun 14 19:53:52 2010
New Revision: 139
Log:
add commentary to avoid any confusion about affected
platforms due to presence of additional code in patch
Modified:
release/httpd/patches/apply_to_2.2.15/CVE-2010-2068-r953616.patch
release/httpd/patches/apply_to_2.3.5/CVE-2010-2068-r953418.patch
Modified: release/httpd/patches/apply_to_2.2.15/CVE-2010-2068-r953616.patch
==============================================================================
--- release/httpd/patches/apply_to_2.2.15/CVE-2010-2068-r953616.patch (original)
+++ release/httpd/patches/apply_to_2.2.15/CVE-2010-2068-r953616.patch Mon Jun 14 19:53:52 2010
@@ -6,6 +6,10 @@
#
# Only affects mod_proxy_http.c on Windows, Netware and OS2 platforms.
#
+# Note: This patch has an additional, platform-independent change to
+# mark the back-end connection for closing ("backend->close = 1;").
+# That code is not required to resolve CVE-2010-2068 on any platform.
+#
# Is only triggered by proxy pools configured for timeouts shorter than the
# backend server response delay.
#
Modified: release/httpd/patches/apply_to_2.3.5/CVE-2010-2068-r953418.patch
==============================================================================
--- release/httpd/patches/apply_to_2.3.5/CVE-2010-2068-r953418.patch (original)
+++ release/httpd/patches/apply_to_2.3.5/CVE-2010-2068-r953418.patch Mon Jun 14 19:53:52 2010
@@ -6,6 +6,10 @@
#
# Only affects mod_proxy_http.c on Windows, Netware and OS2 platforms.
#
+# Note: This patch has an additional, platform-independent change to
+# mark the back-end connection for closing ("backend->close = 1;").
+# That code is not required to resolve CVE-2010-2068 on any platform.
+#
# Is only triggered by proxy pools configured for timeouts shorter than the
# backend server response delay.
#