httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mru...@apache.org
Subject svn commit: r1619446 - /httpd/httpd/branches/2.2.x/STATUS
Date Thu, 21 Aug 2014 15:35:44 GMT
Author: mrumph
Date: Thu Aug 21 15:35:43 2014
New Revision: 1619446

URL: http://svn.apache.org/r1619446
Log:
Comment on possible trailers CVE delay.

Modified:
    httpd/httpd/branches/2.2.x/STATUS

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1619446&r1=1619445&r2=1619446&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Thu Aug 21 15:35:43 2014
@@ -111,7 +111,10 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
      2.2.x patch:  http://people.apache.org/~covener/patches/httpd-2.2.x-trailers-2.diff
      +1: covener, wrowe, rpluem
      covener: Since this was not released yet in 2.4.x, maybe it's better to cut 2.2.28 w/o
it?
-    
+     mrumph:  Delaying a nonCVE fix would be reasonable to maintain backward compatibility.
+              But for a CVE that has already been made public,
+              wouldn't it make more sense to make the fix available as quickly as possible?
+     
    * mod_deflate: Fix reentrance in output and input filters (buffering of
                   incomplete Zlib header or validation bytes). PR 46146.
      trunk patch: https://svn.apache.org/r1572655



Mime
View raw message