You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by jo...@apache.org on 2009/09/14 21:49:52 UTC

svn commit: r814808 - /httpd/httpd/branches/2.2.x/STATUS

Author: jorton
Date: Mon Sep 14 19:49:52 2009
New Revision: 814808

URL: http://svn.apache.org/viewvc?rev=814808&view=rev
Log:
Propose -3094/-3095 fixes.

Modified:
    httpd/httpd/branches/2.2.x/STATUS

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=814808&r1=814807&r2=814808&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Mon Sep 14 19:49:52 2009
@@ -86,6 +86,19 @@
   (https://issues.apache.org/bugzilla/show_bug.cgi?id=47645) which can cause
   httpd to hang on Solaris 10 when using event ports.
 
+  * CVE-2009-3094: mod_proxy_ftp NULL pointer dereference on error paths
+    Trunk patch:
+      http://svn.apache.org/viewvc?view=rev&revision=814652
+      http://svn.apache.org/viewvc?view=rev&revision=814785
+    2.2.x patch:
+      http://people.apache.org/~jorton/CVE-2009-3094.diff
+    +1: jorton
+
+  * CVE-2009-3095: mod_proxy_ftp sanity check authn credentials
+    Trunk/2.2.x patch:
+      http://svn.apache.org/viewvc?view=rev&revision=814045
+    +1: jorton
+
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]