httpd-dev mailing list archives

From Jeff Trawick <traw...@gmail.com>
Subject [PATCH] did I understand the mod_cgid fix properly?
Date Mon, 14 Jul 2014 21:18:36 GMT
Index: CHANGES
===================================================================
--- CHANGES (revision 1610531)
+++ CHANGES (working copy)
@@ -16,8 +16,10 @@
   *) SECURITY: CVE-2014-0231 (cve.mitre.org)
      mod_cgid: Fix a denial of service against CGI scripts that do
      not consume stdin that could lead to lingering HTTPD child processes
-     filling up the scoreboard and eventually hanging the server. Adds
-     "CGIDScriptTimeout" directive.
+     filling up the scoreboard and eventually hanging the server.  By
+     default, the client I/O timeout (Timeout directive) now applies to
+     communication with scripts.  The CGIDScriptTimeout directive can be
+     used to set a different timeout for communication with scripts.
      [Rainer Jung, Eric Covener, Yann Ylavic]

   *) mod_ssl: Extend the scope of SSLSessionCacheTimeout to sessions
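Review bot: The reworded end of the CVE-2014-0231 entry no longer says that CGIDScriptTimeout is a new directive, which the removed text (Adds "CGIDScriptTimeout" directive.) stated explicitly. Someone scanning CHANGES for newly introduced directives would miss it, so consider wording the last added sentence as "The new CGIDScriptTimeout directive can be used to set a different timeout for communication with scripts." The preceding added sentence already covers the default behaviour (Timeout applies when nothing else is set), so no other change is needed there.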


Make sense?

-- 
Born in Roswell... married an alien...
http://emptyhammock.com/
http://edjective.org/
