httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From traw...@apache.org
Subject svn propchange: r953616 - svn:log
Date Mon, 14 Jun 2010 19:47:55 GMT
Author: trawick
Revision: 953616
Modified property: svn:log

Modified: svn:log at Mon Jun 14 19:47:55 2010
------------------------------------------------------------------------------
--- svn:log (original)
+++ svn:log Mon Jun 14 19:47:55 2010
@@ -4,6 +4,11 @@ mod_proxy_http, mod_proxy_ajp, mod_reqti
 Use APR_STATUS_IS_TIMEUP instead of direct compare
 to APR_TIMEUP to be more safe on different platforms.
 
+Note: This commit has an additional, platform-independent change to
+mod_proxy_http.c to mark the back-end connection for closing 
+("backend->close = 1;").  That code is not required to resolve 
+CVE-2010-2068 on any platform.
+
 PR: 49417
 Addresses CVE-2010-2068 (changes to mod_proxy_http.c)
 Submitted by: rjung, rpluem


Mime
View raw message