You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ji...@apache.org on 2008/06/10 17:33:05 UTC
svn commit: r666156 - /httpd/httpd/branches/2.2.x/STATUS
Author: jim
Date: Tue Jun 10 08:33:04 2008
New Revision: 666156
URL: http://svn.apache.org/viewvc?rev=666156&view=rev
Log:
Propose CVE-2008-2364 patch for 2.2.9
Modified:
httpd/httpd/branches/2.2.x/STATUS
Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=666156&r1=666155&r2=666156&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Tue Jun 10 08:33:04 2008
@@ -130,6 +130,15 @@
-1: niq - strcasecmp(NULL, ...) when secure is not set
rpluem: Good catch. Should be fixed by r660461.
+ * mod_proxy_http: Handle interim responses better to avoid
+ excessive memory usage and potential denial of service
+ CVE-2008-2364
+ Trunk version of patch:
+ http://svn.apache.org/viewvc?view=rev&revision=666154
+ Backport version for 2.2.x of patch:
+ Trunk version of patch works
+ +1: jim
+
PATCHES/ISSUES THAT ARE STALLED
* beos MPM: Create pmain pool and run modules' child_init hooks when