git.ipfire.org Git - thirdparty/apache/httpd.git/commitdiff
3368/4317 notes/proposal
author Jeff Trawick <trawick@apache.org>
Sun, 29 Jan 2012 00:11:09 +0000 (00:11 +0000)
committer Jeff Trawick <trawick@apache.org>
Sun, 29 Jan 2012 00:11:09 +0000 (00:11 +0000)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1237185 13f79535-47bb-0310-9956-ffa450edef68

STATUS

diff --git a/STATUS b/STATUS
index d04e701337880d0362c14271be75330f86225bae..698439472de9b9c887192c8a30417eccdf1d91f1 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -146,6 +146,20 @@ RELEASE SHOWSTOPPERS:
      backend network exposure in some configurations.
      [Joe Orton]
 
+     trawick: Applying the existing 2.0.x patch for CVE-2011-3368 to
+              2.0.64, the three well-known testcases work for HTTP 1.0
+              but fail with HTTP 0.9; after applying r1235443 (backing
+              out the server/protocol.c change and fixing rewrite and
+              proxy), the three well-known testcases work for me with
+              both HTTP 1.0 and HTTP 0.9.
+
+     From 2.2.x: http://svn.apache.org/viewvc?view=revision&revision=1235443
+              (sorry, I fitted the minor changes manually into 2.0.64
+              after first applying the original CVE-2011-3368 patch
+              for an intermediate test step; I haven't properly tested
+              patch-ability yet)
+       +1: trawick
+
   *) SECURITY: CVE-2012-0031 (cve.mitre.org)
      Fix scoreboard issue which could allow an unprivileged child process 
      could cause the parent to crash at shutdown rather than terminate
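
Review bot: The added "From 2.2.x:" entry points voters at r1235443, but the parenthetical says the change was fitted into 2.0.64 by hand on top of the original CVE-2011-3368 patch and that patch-ability has not been tested, so the +1 covers a hand-merge that nobody else can reproduce from this entry. Attach the actual 2.0.x diff that was tested (for example as a "2.0.x patch:" line under the revision URL) so the vote and the tested code are the same thing. The trawick note also relies on "the three well-known testcases" without naming them or linking to them; since the HTTP 0.9 versus HTTP 1.0 result is the whole argument for preferring r1235443, list the three requests or reference where they are recorded so other reviewers can repeat the check against both protocol versions.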