httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dan Poirier <poir...@pobox.com>
Subject Re: svn commit: r791454 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS server/core_filters.c
Date Tue, 07 Jul 2009 17:14:28 GMT
> Author: trawick
> Date: Mon Jul  6 12:03:20 2009
> New Revision: 791454
>
> URL: http://svn.apache.org/viewvc?rev=791454&view=rev
> Log:
> SECURITY: CVE-2009-1891 (cve.mitre.org)
> Fix a potential Denial-of-Service attack against mod_deflate or other 
> modules, by forcing the server to consume CPU time in compressing a 
> large file after a client disconnects.  [Joe Orton, Ruediger Pluem]
>
> Submitted by: jorton, rpluem
> Reviewed by:  jim, trawick
>
>
> Modified:
>     httpd/httpd/branches/2.2.x/CHANGES
>     httpd/httpd/branches/2.2.x/STATUS
>     httpd/httpd/branches/2.2.x/server/core_filters.c

Would anyone care to backport this to 2.0.x?  The changes appear to
apply trivially to the core_output_filter() in server/core.c.  I'll
attach the patch:


Mime
View raw message