httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeff Trawick" <traw...@gmail.com>
Subject Re: svn commit: r556298 - in /httpd/httpd/branches/2.0.x: CHANGES STATUS server/mpm_common.c
Date Thu, 19 Jul 2007 12:30:37 GMT
On 7/14/07, sctemme@apache.org <sctemme@apache.org> wrote:
> Author: sctemme
> Date: Sat Jul 14 10:03:18 2007
> New Revision: 556298
>
> URL: http://svn.apache.org/viewvc?view=rev&rev=556298
> Log:
> Backport of 2.0.x PID table problem fix

> +  *) SECURITY: CVE-2007-3304 (cve.mitre.org)
> +     scoreboard pid protection fixes -- the only fix for 2.0.x is
> +     to ensure a valid positive pid is passed to apr_proc_wait();
> +     the MPMs do not kill children directly as in 2.2.x.

assert(
CVE-2007-3304 does not apply to 2.0.x.  This commit is a fix in the
same general area as the 2.2.x vulnerability and should not have the
SECURITY/CVE label.
)

Mime
View raw message