httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cove...@apache.org
Subject svn commit: r1611522 - /httpd/httpd/branches/2.2.x/STATUS
Date Fri, 18 Jul 2014 01:00:08 GMT
Author: covener
Date: Fri Jul 18 01:00:08 2014
New Revision: 1611522

URL: http://svn.apache.org/r1611522
Log:

add patch/proposal for CVE-2013-5704 trailers thing


Modified:
    httpd/httpd/branches/2.2.x/STATUS

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1611522&r1=1611521&r2=1611522&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Fri Jul 18 01:00:08 2014
@@ -103,6 +103,19 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
 
+
+  *) SECURITY: CVE-2013-5704 (cve.mitre.org)
+     core: HTTP trailers could be used to replace HTTP headers
+     late during request processing, potentially undoing or
+     otherwise confusing modules that examined or modified
+     request headers earlier.  Adds "MergeTrailers" directive to restore
+     legacy behavior. 
+     trunk patch: http://svn.apache.org/r1610814 
+                  http://svn.apache.org/r1610686 (mod_log_config ^XX support) 
+                  http://svn.apache.org/r1610707 (mod_log_cofnig ^XX support)
+     2.2.x patch:  http://people.apache.org/~covener/patches/httpd-2.2.x-trailers.diff
+     +1: covener
+    
    * mod_proxy: Don't reuse a SSL backend connection whose SNI differs. PR 55782.
                 This may happen when ProxyPreserveHost is on and the proxy-worker
                 handles connections to different Hosts.



Mime
View raw message