httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <traw...@gmail.com>
Subject Re: svn commit: r943749 - /httpd/httpd/branches/2.0.x/STATUS
Date Thu, 13 May 2010 11:33:08 GMT
On Wed, May 12, 2010 at 7:28 PM,  <pgollucci@apache.org> wrote:
> Author: pgollucci
> Date: Wed May 12 23:28:53 2010
> New Revision: 943749
>
> URL: http://svn.apache.org/viewvc?rev=943749&view=rev
> Log:
> vote
>
> Modified:
>    httpd/httpd/branches/2.0.x/STATUS
>
> Modified: httpd/httpd/branches/2.0.x/STATUS
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/STATUS?rev=943749&r1=943748&r2=943749&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.0.x/STATUS (original)
> +++ httpd/httpd/branches/2.0.x/STATUS Wed May 12 23:28:53 2010
> @@ -172,7 +172,7 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
>       http://svn.apache.org/viewvc?rev=833622&view=rev
>     Backport version for 2.0.x of patch (Updated with backport of r881222):
>       http://people.apache.org/~rjung/patches/cve-2009-3555_httpd_2_0_x-v2.patch
> -    +1: rjung, rpluem
> +    +1: rjung, rpluem, pgollucci (+1 2.0.64 w/ this)
>
>   * mod_ssl: Further mitigation for the TLS renegotation attack, CVE-2009-3555
>     Trunk version of patch:
> @@ -183,7 +183,7 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
>       http://people.apache.org/~rjung/patches/cve-2009-3555_httpd_2_0_x-backport-r891282.patch
>     Patch applies also on top of above partial fix for CVE-2009-3555
>     with some offset.
> -    +1: rjung
> +    +1: rjung, pgollucci (+1 2.0.64 w/ this)
>
>   * mod_ssl: Implement SSLInsecureRenegotiation
>     Trunk version of patch:
> @@ -200,28 +200,31 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
>       http://people.apache.org/~rjung/patches/SSLInsecureRenegotiation_httpd_2_0_x-backport-r917044.patch
>     Patch applies also on top of the two above partial fixes for CVE-2009-3555
>     with some offset and fuzz.
> -    +1: rjung
> +    +1: rjung, pgollucci (+1 2.0.64 w/ this)
>
>   * mod_proxy_ftp, CVE-2009-3094, NULL pointer dereference on error paths
>     Patch in 2.2.x branch:
>       http://svn.apache.org/viewvc?view=revision&revision=814844
>     Backport:
>       http://people.apache.org/~trawick/CVE-2009-3094-2.0.txt
> -    +1:
> +    +1: pgollucci
> +      PG: whomever proposed this should vote for it

Perhaps...  As I said in my commit:

"I haven't properly reviewed/tested these yet myself, but I'd guess
that some among us may be in a good position to review.  (And I
should get to it eventually.)"

Being more explicit about "good position to review:"  There are
probably devs here who have already made the patch determination,
tested the fix on 2.0.x, and delivered it to their users.

Mime
View raw message