Message-ID: <20050701110326.14599.qmail@minotaur.apache.org>
Subject: svn commit: r208744 - /httpd/httpd/branches/2.0.x/STATUS
Date: Fri, 01 Jul 2005 11:03:25 -0000
To: cvs@httpd.apache.org
From: jorton@apache.org

Author: jorton
Date: Fri Jul 1 04:03:23 2005
New Revision: 208744

URL: http://svn.apache.org/viewcvs?rev=208744&view=rev
Log:
- add the appropriate patch to complete the fix for CAN-2005-2088
- random mod_proxy bugs are not showstoppers

Modified:
    httpd/httpd/branches/2.0.x/STATUS

Modified: httpd/httpd/branches/2.0.x/STATUS
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/STATUS?rev=208744&r1=208743&r2=208744&view=diff
============================================================================== --- httpd/httpd/branches/2.0.x/STATUS (original) +++ httpd/httpd/branches/2.0.x/STATUS Fri Jul 1 04:03:23 2005 @@ -112,12 +112,13 @@ * Various fixes to T-E and C-L processing from trunk + proxy HTTP - ignore C-L and disable keepalive to origin server - CAN-2005-2088 http://people.apache.org/~trawick/20.te-cl.txt - +1: trawick - - * proxy_http.c accepts TRACE with a body, violating RFC2616 + +1: trawick, jorton + + core: strip C-L from any request with a T-E header + http://people.apache.org/~jorton/ap_tevscl.diff + (CVE CAN-2005-2088) + +1: jorton PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ please append new backports at the end of this list not the top. ]
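Review bot: The removal of the "* proxy_http.c accepts TRACE with a body, violating RFC2616" entry in the @@ -112,12 +112,13 @@ hunk deletes the item outright rather than moving it. Nothing in the visible lines re-adds it under another section, so the RFC2616 violation stops being tracked in STATUS once it is no longer treated as a showstopper. Consider re-listing it in a non-blocking section of the file. In the added core entry the identifier is written "(CVE CAN-2005-2088)", while the proxy entry directly above uses plain "CAN-2005-2088"; use one form so both halves of the fix turn up in the same search. The new "+ core: strip C-L from any request with a T-E header" item also carries only "+1: jorton", so it would help to say next to it that the fix for CAN-2005-2088 is incomplete until this patch is merged, which the log message states but the STATUS text does not.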