Posted to cvs@httpd.apache.org by tr...@apache.org on 2009/07/02 19:22:54 UTC

svn commit: r790690 - /httpd/httpd/branches/2.2.x/STATUS

Author: trawick
Date: Thu Jul  2 17:22:54 2009
New Revision: 790690

URL: http://svn.apache.org/viewvc?rev=790690&view=rev
Log:
CVE-2009-1890
(tests out okay on 2.2.x with Joe's new testcase, but I'll try to look at it
a little more before voting)

Modified:
    httpd/httpd/branches/2.2.x/STATUS

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=790690&r1=790689&r2=790690&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Thu Jul  2 17:22:54 2009
@@ -82,6 +82,14 @@
 
 RELEASE SHOWSTOPPERS:
 
+ * SECURITY: CVE-2009-1890 (cve.mitre.org)
+   Fix a potential Denial-of-Service attack against mod_proxy in a
+   reverse proxy configuration, where a remote attacker can force a
+   proxy process to consume CPU time indefinitely.  [Nick Kew, Joe Orton]
+   Trunk version of patch works: 
+       http://svn.apache.org/viewvc?view=rev&revision=790587
+   +1: 
+
  * additional (mod_perl test suite) OPT_INCLUDES compatibility
    trunk: N/A
    2.2.x patch: http://people.apache.org/~trawick/mod_perl_more_compat.txt
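
Review bot: The new CVE-2009-1890 entry records the backport source as "Trunk version of patch works:" followed by a bare revision URL, whereas the entry directly below it uses explicit "trunk:" and "2.2.x patch:" labels. Following that layout (a "trunk:" line carrying the r790587 link and a "2.2.x patch:" line stating that the trunk version applies) would make it unambiguous which change voters are approving for the branch. The log message mentions a new testcase that the entry does not reference; a pointer to it in the entry would let other reviewers repeat the check before voting. The "Trunk version of patch works: " and "+1: " lines also end in trailing whitespace that can be dropped.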