Return-Path: Delivered-To: apmail-httpd-cvs-archive@www.apache.org Received: (qmail 39350 invoked from network); 6 Aug 2007 17:42:38 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 6 Aug 2007 17:42:38 -0000 Received: (qmail 70713 invoked by uid 500); 6 Aug 2007 17:42:33 -0000 Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org Received: (qmail 70696 invoked by uid 500); 6 Aug 2007 17:42:33 -0000 Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list cvs@httpd.apache.org Received: (qmail 70681 invoked by uid 99); 6 Aug 2007 17:42:33 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 06 Aug 2007 10:42:33 -0700 X-ASF-Spam-Status: No, hits=-100.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.3] (HELO eris.apache.org) (140.211.11.3) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 06 Aug 2007 17:42:33 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 49A261A981A; Mon, 6 Aug 2007 10:42:13 -0700 (PDT) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r563203 - /httpd/httpd/branches/2.0.x/STATUS Date: Mon, 06 Aug 2007 17:42:13 -0000 To: cvs@httpd.apache.org From: covener@apache.org X-Mailer: svnmailer-1.1.0 Message-Id: <20070806174213.49A261A981A@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: covener Date: Mon Aug 6 10:42:12 2007 New Revision: 563203 URL: http://svn.apache.org/viewvc?view=rev&rev=563203 Log: propose CVE-2007-3847 for backport Modified: httpd/httpd/branches/2.0.x/STATUS Modified: httpd/httpd/branches/2.0.x/STATUS URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/STATUS?view=diff&rev=563203&r1=563202&r2=563203 ============================================================================== --- httpd/httpd/branches/2.0.x/STATUS (original) +++ httpd/httpd/branches/2.0.x/STATUS Mon Aug 6 10:42:12 2007 @@ -142,6 +142,14 @@ http://svn.apache.org/viewcvs.cgi?rev=102870&view=rev +1: wrowe, colm + *) SECURITY: CVE-2007-3847 + mod_proxy: Prevent reading past the end of a buffer when parsing + date-related headers. PR 41144. + 2.2.x: http://svn.apache.org/viewvc?view=rev&revision=563198 + 2.0.x: http://people.apache.org/~covener/proxy-util-20x.patch + (Same as 2.2 but removed lines have hard tabs) + +1: covener + PATCHES TO BACKPORT THAT ARE ON HOLD OR NOT GOING ANYWHERE SOON: *) mod_headers: Support {...}s tag for SSL variable lookup.