httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j..@apache.org
Subject svn commit: r1179373 - /httpd/httpd/branches/2.2.x/STATUS
Date Wed, 05 Oct 2011 18:38:33 GMT
Author: jim
Date: Wed Oct  5 18:38:32 2011
New Revision: 1179373

URL: http://svn.apache.org/viewvc?rev=1179373&view=rev
Log:
Add patch... both backport and showstopper.

Modified:
    httpd/httpd/branches/2.2.x/STATUS

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1179373&r1=1179372&r2=1179373&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Wed Oct  5 18:38:32 2011
@@ -89,7 +89,11 @@ CURRENT RELEASE NOTES:
 
 RELEASE SHOWSTOPPERS:
 
-
+  * SECURITY (CVE-2011-3368): Prevent unintended pattern expansion in some
+    reverse proxy configurations by strictly validating the request-URI.
+    Trunk patch: http://svn.apache.org/viewvc?rev=1179239&view=rev
+    2.2.x patch: http://www.apache.org/dist/httpd/patches/apply_to_2.2.21/CVE-2011-3368.patch
+    +1:
 
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]



Mime
View raw message