You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jo...@apache.org on 2009/09/14 21:49:52 UTC
svn commit: r814808 - /httpd/httpd/branches/2.2.x/STATUS
Author: jorton
Date: Mon Sep 14 19:49:52 2009
New Revision: 814808
URL: http://svn.apache.org/viewvc?rev=814808&view=rev
Log:
Propose -3094/-3095 fixes.
Modified:
httpd/httpd/branches/2.2.x/STATUS
Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=814808&r1=814807&r2=814808&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Mon Sep 14 19:49:52 2009
@@ -86,6 +86,19 @@
(https://issues.apache.org/bugzilla/show_bug.cgi?id=47645) which can cause
httpd to hang on Solaris 10 when using event ports.
+ * CVE-2009-3094: mod_proxy_ftp NULL pointer dereference on error paths
+ Trunk patch:
+ http://svn.apache.org/viewvc?view=rev&revision=814652
+ http://svn.apache.org/viewvc?view=rev&revision=814785
+ 2.2.x patch:
+ http://people.apache.org/~jorton/CVE-2009-3094.diff
+ +1: jorton
+
+ * CVE-2009-3095: mod_proxy_ftp sanity check authn credentials
+ Trunk/2.2.x patch:
+ http://svn.apache.org/viewvc?view=rev&revision=814045
+ +1: jorton
+
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]