httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: svn commit: r790587 - in /httpd/httpd/trunk: CHANGES modules/proxy/mod_proxy_http.c
Date Mon, 06 Jul 2009 19:51:30 GMT
Nick Kew wrote:
> jorton@apache.org wrote:
> 
>>  Changes with Apache 2.3.3
>>  
>> +  *) SECURITY: CVE-2009-1890 (cve.mitre.org) +     Fix a potential
>> Denial-of-Service attack against mod_proxy in a
>> +     reverse proxy configuration, where a remote attacker can force a
>> +     proxy process to consume CPU time indefinitely.  [Nick Kew, Joe
>> Orton]
> 
> I thought in this instance, the original reporter's diagnostic
> work contributed more to the patch than we did.  I think he
> should be credited in the changelog here.

+1, and absolutely first credit, he nailed the bug on nose :)

Mime
View raw message