You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by ji...@apache.org on 2008/06/10 17:33:05 UTC

svn commit: r666156 - /httpd/httpd/branches/2.2.x/STATUS

Author: jim
Date: Tue Jun 10 08:33:04 2008
New Revision: 666156

URL: http://svn.apache.org/viewvc?rev=666156&view=rev
Log:
Propose CVE-2008-2364 patch for 2.2.9

Modified:
    httpd/httpd/branches/2.2.x/STATUS

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=666156&r1=666155&r2=666156&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Tue Jun 10 08:33:04 2008
@@ -130,6 +130,15 @@
    -1: niq - strcasecmp(NULL, ...) when secure is not set
    rpluem: Good catch. Should be fixed by r660461.
 
+ * mod_proxy_http: Handle interim responses better to avoid
+   excessive memory usage and potential denial of service
+   CVE-2008-2364
+   Trunk version of patch:
+         http://svn.apache.org/viewvc?view=rev&revision=666154
+   Backport version for 2.2.x of patch:
+         Trunk version of patch works
+   +1: jim
+
 PATCHES/ISSUES THAT ARE STALLED
 
    * beos MPM: Create pmain pool and run modules' child_init hooks when