httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jor...@apache.org
Subject svn commit: r208744 - /httpd/httpd/branches/2.0.x/STATUS
Date Fri, 01 Jul 2005 11:03:25 GMT
Author: jorton
Date: Fri Jul  1 04:03:23 2005
New Revision: 208744

URL: http://svn.apache.org/viewcvs?rev=208744&view=rev
Log:
- add the appropriate patch to complete the fix for CAN-2005-2088
- random mod_proxy bugs are not showstoppers

Modified:
    httpd/httpd/branches/2.0.x/STATUS

Modified: httpd/httpd/branches/2.0.x/STATUS
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/STATUS?rev=208744&r1=208743&r2=208744&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/STATUS (original)
+++ httpd/httpd/branches/2.0.x/STATUS Fri Jul  1 04:03:23 2005
@@ -112,12 +112,13 @@
     * Various fixes to T-E and C-L processing from trunk
 
       + proxy HTTP - ignore C-L and disable keepalive to origin server
-        CAN-2005-2088
           http://people.apache.org/~trawick/20.te-cl.txt
-        +1: trawick
-
-    * proxy_http.c accepts TRACE with a body, violating RFC2616
+        +1: trawick, jorton
 
+      + core: strip C-L from any request with a T-E header
+          http://people.apache.org/~jorton/ap_tevscl.diff
+          (CVE CAN-2005-2088)
+        +1: jorton
 
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ please append new backports at the end of this list not the top. ]



Mime
View raw message