trawick at apache
Jul 2, 2009, 10:22 AM
Views: 122
Permalink
|
|
svn commit: r790690 - /httpd/httpd/branches/2.2.x/STATUS
|
|
Author: trawick
Date: Thu Jul 2 17:22:54 2009
New Revision: 790690
URL: http://svn.apache.org/viewvc?rev=790690&view=rev
Log:
CVE-2009-1890
(tests out okay on 2.2.x with Joe's new testcase, but I'll try to look at it
a little more before voting)
Modified:
httpd/httpd/branches/2.2.x/STATUS
Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=790690&r1=790689&r2=790690&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Thu Jul 2 17:22:54 2009
@@ -82,6 +82,14 @@
RELEASE SHOWSTOPPERS:
+ * SECURITY: CVE-2009-1890 (cve.mitre.org)
+ Fix a potential Denial-of-Service attack against mod_proxy in a
+ reverse proxy configuration, where a remote attacker can force a
+ proxy process to consume CPU time indefinitely. [Nick Kew, Joe Orton]
+ Trunk version of patch works:
+ http://svn.apache.org/viewvc?view=rev&revision=790587
+ +1:
+
* additional (mod_perl test suite) OPT_INCLUDES compatibility
trunk: N/A
2.2.x patch: http://people.apache.org/~trawick/mod_perl_more_compat.txt
|
svn commit: r790690 - /httpd/httpd/branches/2.2.x/STATUS