httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <jor...@redhat.com>
Subject Re: svn commit: r790587 - in /httpd/httpd/trunk: CHANGES modules/proxy/mod_proxy_http.c
Date Mon, 06 Jul 2009 08:51:39 GMT
On Sat, Jul 04, 2009 at 11:23:46PM +0100, Nick Kew wrote:
> jorton@apache.org wrote:
>
>>  Changes with Apache 2.3.3
>>  +  *) SECURITY: CVE-2009-1890 (cve.mitre.org) +     Fix a potential 
>> Denial-of-Service attack against mod_proxy in a
>> +     reverse proxy configuration, where a remote attacker can force a
>> +     proxy process to consume CPU time indefinitely.  [Nick Kew, Joe Orton]
>
> I thought in this instance, the original reporter's diagnostic
> work contributed more to the patch than we did.  I think he
> should be credited in the changelog here.

Lots of people help out with diagnosis of many bugs, we typically credit 
in CHANGES only those who came up with the patches.  I certainly should 
have given credit to the reporter in the commit message though, I will 
fix that.

Regards, Joe

Mime
View raw message