httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <traw...@gmail.com>
Subject Re: VOTE PLEASE! Re: svn commit: r1610674 - in /httpd/httpd/trunk: include/ap_mmn.h include/httpd.h modules/proxy/mod_proxy_http.c modules/proxy/proxy_util.c server/util.c
Date Tue, 15 Jul 2014 16:03:41 GMT
On Tue, Jul 15, 2014 at 11:59 AM, Joe Orton <jorton@redhat.com> wrote:

> On Tue, Jul 15, 2014 at 02:41:44PM +0100, Joe Orton wrote:
> > I've stuck it in STATUS.  Any other opinions?
>
> Come on... one more for this, either way?
>
>    * mod_proxy Connection handling crasher, CVE-2014-0117
>    trunk patch: http://svn.apache.org/r1610674
>    ALTERNATIVE #1
>    2.4.x patch:
> http://people.apache.org/~jorton/CVE-2014-0117-simple.patch
>    +1: jorton, jim
>

dirty deed done


>
>    ALTERNATIVE #2
>    2.4.x patch:
> http://people.apache.org/~jorton/2.4.x-CVE-2014-0117_v2.patch (ylavic)
>    +1: jorton, ylavic
>    -0.99: jim (not enough time for a serious review for inclusion in
> 2.4.10)
>    ylavic: works here, and checking RFC compliance if the Connection header
>            looks quite important to me.
>
>


-- 
Born in Roswell... married an alien...
http://emptyhammock.com/
http://edjective.org/

Mime
View raw message