httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Plüm, Rüdiger, VF-Group" <ruediger.pl...@vodafone.com>
Subject RE: svn commit: r791454 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS server/core_filters.c
Date Mon, 06 Jul 2009 12:31:39 GMT
IMHO 39605 is fixed by the patches in 2.2.x as well.
So we should close it and add its number to the comment.
 
Regards
 
Rüdiger



________________________________

	From: Jeff Trawick  
	 Sent: Montag, 6. Juli 2009 14:08
	To: dev@httpd.apache.org
	Subject: Re: svn commit: r791454 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS server/core_filters.c
	
	
	On Mon, Jul 6, 2009 at 8:03 AM, <trawick@apache.org> wrote:
	

		Author: trawick
		Date: Mon Jul  6 12:03:20 2009
		New Revision: 791454
		
		URL: http://svn.apache.org/viewvc?rev=791454&view=rev
		Log:
		SECURITY: CVE-2009-1891 (cve.mitre.org)
		Fix a potential Denial-of-Service attack against mod_deflate or other
		modules, by forcing the server to consume CPU time in compressing a
		large file after a client disconnects.  [Joe Orton, Ruediger Pluem]


	One of the patches was for  https://issues.apache.org/bugzilla/show_bug.cgi?id=39605, although
that has a different symptom.  (See comment in http://svn.apache.org/viewvc?view=rev&revision=521681.)
 39605 isn't marked complete or listed in CHANGES.  Perhaps this is because more fixes are
needed to address that problem?
	



Mime
View raw message