httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cove...@apache.org
Subject svn commit: r1610891 - /httpd/httpd/branches/2.2.x/STATUS
Date Wed, 16 Jul 2014 01:03:30 GMT
Author: covener
Date: Wed Jul 16 01:03:29 2014
New Revision: 1610891

URL: http://svn.apache.org/r1610891
Log:
get proposal CVE-2014-0117 on the books

Modified:
    httpd/httpd/branches/2.2.x/STATUS

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1610891&r1=1610890&r2=1610891&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Wed Jul 16 01:03:29 2014
@@ -146,6 +146,14 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
      2.2.x patch: http://people.apache.org/~covener/patches/httpd-2.2.x-deflate_limitrequestbody.diff
      +1: covener, ylavic
 
+
+   * SECURITY: CVE-2014-0117 (cve.mitre.org)
+     Fix crashing with mod_proxy Connection handling.
+     trunk patch: http://svn.apache.org/r1610674
+     2.4.x patch: http://svn.apache.org/r1610737 (simplified ver)
+     2.2.x patch: 2.4 works
+     +1 covener:
+
    * mod_proxy: Don't reuse a SSL backend connection whose SNI differs. PR 55782.
                 This may happen when ProxyPreserveHost is on and the proxy-worker
                 handles connections to different Hosts.



Mime
View raw message