From 030d041cfff4f0bc3fb1d536fc49ebe283a29079 Mon Sep 17 00:00:00 2001
From: Eric Covener <covener@apache.org>
Date: Sun, 30 Nov 2014 01:43:52 +0000
Subject: [PATCH] propose mild mod_lua CVE

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1642500 13f79535-47bb-0310-9956-ffa450edef68
---
 STATUS | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/STATUS b/STATUS
index 5bf3b8bea68..1a7fc5e58a4 100644
--- a/STATUS
+++ b/STATUS
@@ -109,6 +109,14 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
 
+  *) SECURITY: CVE-2014-8109 (cve.mitre.org)
+     mod_lua: Fix handling of the Require line when a LuaAuthzProvider is
+              used in multiple Require directives with different arguments.
+              PR57204. 
+     trunk patch: http://svn.apache.org/r1642499
+     2.4.x patch: trunk works:
+     +1 covener
+       
    * mod_proxy: Preserve original request headers even if they differ
                 from the ones to be forwarded to the backend. PR 45387.
      trunk patch: http://svn.apache.org/r1588527
-- 
2.47.3