Date: Mon, 6 Jul 2009 09:51:39 +0100
From: Joe Orton
To: dev@httpd.apache.org
Subject: Re: svn commit: r790587 - in /httpd/httpd/trunk: CHANGES modules/proxy/mod_proxy_http.c

On Sat, Jul 04, 2009 at 11:23:46PM +0100, Nick Kew wrote:
> jorton@apache.org wrote:
>
>> Changes with Apache 2.3.3
>> + *) SECURITY: CVE-2009-1890 (cve.mitre.org) + Fix a potential
>> Denial-of-Service attack against mod_proxy in a
>> + reverse proxy configuration, where a remote attacker can force a
>> + proxy process to consume CPU time indefinitely. [Nick Kew, Joe Orton]
>
> I thought in this instance, the original reporter's diagnostic
> work contributed more to the patch than we did. I think he
> should be credited in the changelog here.

Lots of people help out with diagnosis of many bugs, we typically
credit in CHANGES only those who came up with the patches. I certainly
should have given credit to the reporter in the commit message though,
I will fix that.

Regards, Joe