Posted to cvs@httpd.apache.org by tr...@apache.org on 2009/07/02 19:22:54 UTC
svn commit: r790690 - /httpd/httpd/branches/2.2.x/STATUS
Author: trawick
Date: Thu Jul 2 17:22:54 2009
New Revision: 790690
URL: http://svn.apache.org/viewvc?rev=790690&view=rev
Log:
CVE-2009-1890
(tests out okay on 2.2.x with Joe's new testcase, but I'll try to look at it
a little more before voting)
Modified:
httpd/httpd/branches/2.2.x/STATUS
Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=790690&r1=790689&r2=790690&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Thu Jul 2 17:22:54 2009
@@ -82,6 +82,14 @@
RELEASE SHOWSTOPPERS:
+ * SECURITY: CVE-2009-1890 (cve.mitre.org)
+ Fix a potential Denial-of-Service attack against mod_proxy in a
+ reverse proxy configuration, where a remote attacker can force a
+ proxy process to consume CPU time indefinitely. [Nick Kew, Joe Orton]
+ Trunk version of patch works:
+ http://svn.apache.org/viewvc?view=rev&revision=790587
+ +1:
+
* additional (mod_perl test suite) OPT_INCLUDES compatibility
trunk: N/A
2.2.x patch: http://people.apache.org/~trawick/mod_perl_more_compat.txt
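Review bot: the new CVE-2009-1890 entry under RELEASE SHOWSTOPPERS records the backport source as free text ("Trunk version of patch works:") rather than the labelled "trunk:" / "2.2.x patch:" fields used by the entry that follows it, so a reader has to infer that r790587 is meant to apply to 2.2.x unchanged. Suggest the same labelled form, for example "trunk: http://svn.apache.org/viewvc?view=rev&revision=790587" followed by "2.2.x patch: trunk version of patch works". The "+1:" line is added empty, which is consistent with the log message about holding the vote, so this showstopper stays open until votes are recorded there.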