
wrowe at apache
Aug 17, 2012, 12:57 PM
svn commit: r1374418 - /httpd/httpd/branches/2.2.x/STATUS
Author: wrowe Date: Fri Aug 17 19:57:17 2012 New Revision: 1374418 URL: http://svn.apache.org/viewvc?rev=1374418&view=rev Log: Vote and promote Modified: httpd/httpd/branches/2.2.x/STATUS Modified: httpd/httpd/branches/2.2.x/STATUS URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1374418&r1=1374417&r2=1374418&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/STATUS (original) +++ httpd/httpd/branches/2.2.x/STATUS Fri Aug 17 19:57:17 2012 @@ -93,6 +93,15 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] + * mod_negotiation: Escape filenames in variant list to prevent an + possible XSS for a site where untrusted users can upload files to a + location with MultiViews enabled. + SECURITY: CVE-2012-2687 (cve.mitre.org): + Submitted by: Niels Heinen <heinenn google.com> + trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1349905 + 2.4.x patch: http://svn.apache.org/viewvc?view=revision&revision=1356889 + 2.2.x patch: trunk patch applies + +1: rjung, trawick, wrowe PATCHES PROPOSED TO BACKPORT FROM TRUNK: [. New proposals should be added at the end of the list ] 
@@ -251,16 +260,6 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: 2.2.x patch: http://people.apache.org/~rjung/patches/htdbm-htpasswd-handling_crypt_failure-2_2.patch +1: rjung - * mod_negotiation: Escape filenames in variant list to prevent an - possible XSS for a site where untrusted users can upload files to a - location with MultiViews enabled. - SECURITY: CVE-2012-2687 (cve.mitre.org): - Submitted by: Niels Heinen <heinenn google.com> - trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1349905 - 2.4.x patch: http://svn.apache.org/viewvc?view=revision&revision=1356889 - 2.2.x patch: trunk patch applies - +1: rjung, trawick - * mod_rewrite: add "AllowAnyURI" option. Prerequisites: - allow the user to configure which rules come first when RewriteRules
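Review bot: In the entry added by the @@ -93,6 +93,15 @@ hunk, the line "SECURITY: CVE-2012-2687 (cve.mitre.org):" ends in a colon with nothing after it before "Submitted by:", and the description reads "an possible XSS". Since the entry is being rewritten in its new position anyway, suggest dropping the trailing colon and changing the wording to "a possible XSS". The "2.2.x patch: trunk patch applies" line and the three names on the "+1:" line need no change.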
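Review bot: The log message "Vote and promote" does not say which proposal is promoted, and the block removed in the @@ -251,16 +260,6 @@ hunk is a SECURITY item (mod_negotiation, CVE-2012-2687). Suggest naming the module or the CVE in the log so that the promotion of this fix can be found from the revision history of STATUS. The removed lines match the lines added under PATCHES ACCEPTED except for the vote line, which goes from "+1: rjung, trawick" to "+1: rjung, trawick, wrowe", so the move itself is consistent.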