httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cove...@apache.org
Subject svn commit: r1611499 - /httpd/httpd/branches/2.2.x/STATUS
Date Thu, 17 Jul 2014 22:45:51 GMT
Author: covener
Date: Thu Jul 17 22:45:50 2014
New Revision: 1611499

URL: http://svn.apache.org/r1611499
Log:
drop CVE-2014-0117 proposal, 2.2 not affected


Modified:
    httpd/httpd/branches/2.2.x/STATUS

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1611499&r1=1611498&r2=1611499&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Thu Jul 17 22:45:50 2014
@@ -99,18 +99,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-   * SECURITY: CVE-2014-0117 (cve.mitre.org)
-     Fix crashing with mod_proxy Connection handling.
-     trunk patch: http://svn.apache.org/r1610674
-     2.4.x patch: http://svn.apache.org/r1610737 (simplified ver)
-     2.2.x patch: 2.4 works
-     +1:
-     -1: jorton: patch does not apply (or should not, though "svn merge" works),
-                 the code in 2.2.x looks safe by eyeball and testing.
-     covener:   +1 for N/A CVE -- no ap_get_token() in this path for 2.2.x
-     ylavic: indeed, +1 for N/A
-     wrowe: echo covener, +1, and +1 for CVE N/A
-
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]



Mime
View raw message