httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From traw...@apache.org
Subject svn commit: r943603 - /httpd/httpd/branches/2.0.x/STATUS
Date Wed, 12 May 2010 18:08:32 GMT
Author: trawick
Date: Wed May 12 18:08:31 2010
New Revision: 943603

URL: http://svn.apache.org/viewvc?rev=943603&view=rev
Log:
propose backporting a few security fixes to the 2.0.x branch

I haven't properly reviewed/tested these yet myself, but I'd guess
that some among us may be in a good position to review.  (And I
should get to it eventually.)

Modified:
    httpd/httpd/branches/2.0.x/STATUS

Modified: httpd/httpd/branches/2.0.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/STATUS?rev=943603&r1=943602&r2=943603&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/STATUS (original)
+++ httpd/httpd/branches/2.0.x/STATUS Wed May 12 18:08:31 2010
@@ -202,6 +202,27 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
     with some offset and fuzz.
     +1: rjung
 
+  * mod_proxy_ftp, CVE-2009-3094, NULL pointer dereference on error paths
+    Patch in 2.2.x branch:
+      http://svn.apache.org/viewvc?view=revision&revision=814844
+    Backport:
+      http://people.apache.org/~trawick/CVE-2009-3094-2.0.txt
+    +1:
+
+  * mod_proxy_ftp, CVE-2009-3095, sanity check authn credentials
+    Patch in 2.2.x branch:
+      http://svn.apache.org/viewvc?view=revision&revision=814847
+    Backport:
+      http://people.apache.org/~trawick/CVE-2009-3095-2.0.txt
+    +1:
+
+  * core output filter, CVE-2009-1891, consuming CPU after client disconnects
+    Patch in 2.2.x branch:
+      http://svn.apache.org/viewvc?view=revision&revision=791454
+    Dan's patch posted last year for 2.0.x:
+      http://people.apache.org/~trawick/CVE-2009-1891-2.0-poirier.txt
+    +1:
+
 PATCHES TO BACKPORT THAT ARE ON HOLD OR NOT GOING ANYWHERE SOON:
 
     *) mod_headers: Support {...}s tag for SSL variable lookup.



Mime
View raw message