Posted to cvs@httpd.apache.org by ji...@apache.org on 2011/10/05 20:42:28 UTC
svn commit: r1179375 - /httpd/httpd/branches/2.0.x/STATUS
Author: jim
Date: Wed Oct 5 18:42:28 2011
New Revision: 1179375
URL: http://svn.apache.org/viewvc?rev=1179375&view=rev
Log:
Add these as showstoppers...
Modified:
httpd/httpd/branches/2.0.x/STATUS
Modified: httpd/httpd/branches/2.0.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/STATUS?rev=1179375&r1=1179374&r2=1179375&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/STATUS (original)
+++ httpd/httpd/branches/2.0.x/STATUS Wed Oct 5 18:42:28 2011
@@ -114,10 +114,27 @@ CURRENT RELEASE NOTES:
RELEASE SHOWSTOPPERS:
+ * SECURITY (CVE-2011-3368): Prevent unintended pattern expansion in some
+ reverse proxy configurations by strictly validating the request-URI.
+ Trunk patch: http://svn.apache.org/viewvc?rev=1179239&view=rev
+ 2.2.x patch: http://www.apache.org/dist/httpd/patches/apply_to_2.2.21/CVE-2011-3368.patch
+ +1: jim
+
+ * byterange: Range of '0-' returns 206.
+ Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1175980
+ http://svn.apache.org/viewvc?view=revision&revision=1175992
+ 2.2.x patch: http://svn.apache.org/viewvc?view=revision&revision=1177080
+ 2.2.x patch: http://svn.apache.org/viewvc?view=revision&revision=1177081
+ 2.0.x patch: http://people.apache.org/~jim/patches/2.0-byterange0-.txt
+ +1: jim, rjung
+ rjung: You might want to add the "special case: 0- ..." comment from the
+ 2.2 patch. I'm fine either way.
+
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
+
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ please place SVN revisions from trunk here, so it is easy to
identify exactly what the proposed changes are! Add all new
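Review bot: The CVE-2011-3368 showstopper entry lists a "Trunk patch:" and a "2.2.x patch:" but no 2.0.x patch, while the byterange entry right below it links one (2.0-byterange0-.txt). Since this is the 2.0.x STATUS file, add a "2.0.x patch:" line, or say explicitly that the 2.2.x patch applies unchanged to this branch, so that voters know which change they are approving. Also, rjung's remark about the "special case: 0- ..." comment is carried into the showstopper list unresolved; note in the entry whether the 2.0.x patch was updated. The lone blank line added before "PATCHES PROPOSED TO BACKPORT FROM TRUNK:" is an unrelated whitespace change and could be dropped from this commit.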
@@ -155,16 +172,6 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
Revert r1002174 in test framework, once this is fixed.
+1: rjung, wrowe
- * byterange: Range of '0-' returns 206.
- Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1175980
- http://svn.apache.org/viewvc?view=revision&revision=1175992
- 2.2.x patch: http://svn.apache.org/viewvc?view=revision&revision=1177080
- 2.2.x patch: http://svn.apache.org/viewvc?view=revision&revision=1177081
- 2.0.x patch: http://people.apache.org/~jim/patches/2.0-byterange0-.txt
- +1: jim, rjung
- rjung: You might want to add the "special case: 0- ..." comment from the
- 2.2 patch. I'm fine either way.
-
* byterange: Backport MaxRanges configuration directive and
ap_set_accept_ranges() utility function.
Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1162584