From: Joe Orton <jorton@apache.org>
Date: Fri, 1 Jul 2005 11:03:23 +0000 (+0000)
Subject: - add the appropriate patch to complete the fix for CAN-2005-2088
X-Git-Tag: 2.0.55~138
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=34cf4c1f6cfc0e2da1b93187e075be9d4ed47df1;p=thirdparty%2Fapache%2Fhttpd.git

- add the appropriate patch to complete the fix for CAN-2005-2088
- random mod_proxy bugs are not showstoppers


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@208744 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/STATUS b/STATUS
index dc2d60a902e..39fddff0851 100644
--- a/STATUS
+++ b/STATUS
@@ -112,12 +112,13 @@ RELEASE SHOWSTOPPERS:
     * Various fixes to T-E and C-L processing from trunk
 
       + proxy HTTP - ignore C-L and disable keepalive to origin server
-        CAN-2005-2088
           http://people.apache.org/~trawick/20.te-cl.txt
-        +1: trawick
-
-    * proxy_http.c accepts TRACE with a body, violating RFC2616
+        +1: trawick, jorton
 
+      + core: strip C-L from any request with a T-E header
+          http://people.apache.org/~jorton/ap_tevscl.diff
+          (CVE CAN-2005-2088)
+        +1: jorton
 
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ please append new backports at the end of this list not the top. ]