Comment, vote, propose.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1393644 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/STATUS b/STATUS
index 8bce61b8fe8593c3cff5070ae04663bd22479879..9aec7d013a3c7ba17fd5dfa2d5d2d15c48387225 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -120,12 +120,13 @@ RELEASE SHOWSTOPPERS:
      trawick: I assume the former is reflected in the fixes below.
               I don't see mod_rewrite example fixes, but maybe I'm searching
               ineffectively.  Hints?
+     rjung: Same here.
 
   *) SECURITY: CVE-2010-2068 (cve.mitre.org)
      mod_proxy_ajp, mod_proxy_http, mod_reqtimeout: Fix timeout detection
      for platforms Windows, Netware and OS2.  PR: 49417. [Rainer Jung]
      rjung: mod_proxy_ajp and mod_reqtimeout don't apply for 2.0.x
-            I checked proxy_http and could not find a code path to fix.
+            I checked proxy_http and could not find a buggy code path.
             More eyes welcome.
      jim: not a showstopper, imo
 
@@ -170,8 +171,26 @@ RELEASE SHOWSTOPPERS:
      From 2.2.x: http://svn.apache.org/viewvc?view=revision&revision=1235443
         Individual patches apply with offsets; here's a clean all-in-one:
         http://people.apache.org/~trawick/2.0-CVE-2011-4317-r1235443.patch
-       +1: jim
+       +1: jim, rjung
        trawick: 2.2/2.4 now have a different solution (AllowAnyURI).
+       rjung: I added the AllowAnyURI patch below. It must be applied
+              on top of 2.0-CVE-2011-4317-r1235443.patch.
+
+   * Add AllowAnyURI, fix mod_rewrite configuration in Location.
+     Patch must be applied on top of the CVE-2011-4317 patch above.
+     Note that I added a minor MMN bump, since in 2.0 the structure definitions
+     are in mod_rewrite.h and not in mod_rewrite.c, so the needed change IMHO
+     is public and needs a bump.
+     trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1356115 and
+                  http://svn.apache.org/viewvc?view=revision&revision=1356813 and
+                  http://svn.apache.org/viewvc?view=revision&revision=1086662 and
+                  http://svn.apache.org/viewvc?view=revision&revision=1032431
+     2.4.x patch: http://svn.apache.org/viewvc?view=revision&revision=1359687 and
+                  http://svn.apache.org/viewvc?view=revision&revision=1086662 and
+                  http://svn.apache.org/viewvc?view=revision&revision=1032431
+     2.2.x patch: http://svn.apache.org/viewvc?rev=1375113&view=rev
+     2.0.x patch: http://people.apache.org/~rjung/patches/2.0-AllowAnyURI.patch
+     +1: rjung
 
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]