httpd-dev mailing list archives

From Joe Orton <jor...@redhat.com>
Subject Re: svn commit: r791454 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS server/core_filters.c
Date Mon, 06 Jul 2009 12:30:31 GMT
On Mon, Jul 06, 2009 at 08:07:39AM -0400, Jeff Trawick wrote:
> On Mon, Jul 6, 2009 at 8:03 AM, <trawick@apache.org> wrote:
> > URL: http://svn.apache.org/viewvc?rev=791454&view=rev
> > Log:
> > SECURITY: CVE-2009-1891 (cve.mitre.org)
> > Fix a potential Denial-of-Service attack against mod_deflate or other
> > modules, by forcing the server to consume CPU time in compressing a
> > large file after a client disconnects.  [Joe Orton, Ruediger Pluem]
> 
> One of the patches was for
> https://issues.apache.org/bugzilla/show_bug.cgi?id=39605, although that has
> a different symptom.  (See comment in
> http://svn.apache.org/viewvc?view=rev&revision=521681.)  39605 isn't marked
> complete or listed in CHANGES.  Perhaps this is because more fixes are
> needed to address that problem?

Ah, thanks, I meant to add that in but forgot.  Yes, PR 39605 should be 
fixed by these patches.  I've updated CHANGES to reflect that now.

Regards, Joe
