wrowe seemed interested in publishing patches, and the current

text for CVE-2011-3368 implies that a patch will be made available

any other interested parties?

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@1239151 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/STATUS b/STATUS
index e91fcb0027a3f907a0d3bf9c697803c973cbc987..8446a561a53ec89cc9885327c0942add99be1045 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -59,6 +59,19 @@ Release:
 
    ** THIS BRANCH IS CLOSED TO DEVELOPMENT AND MAINTENANCE **
 
+POST-RETIREMENT SECURITY PATCHES:
+
+   (for distribution in the official patches directory)
+
+   *) CVE-2011-3368/CVE-2011-4317
+      http://people.apache.org/~trawick/1.3-CVE-2011-4317-r1235443.patch
+      +1: trawick
+
+   *) CVE-2012-0053
+      http://people.apache.org/~trawick/1.3-CVE-2012-0053-r1234837.patch
+      +1: trawick
+      trawick: I'll update the security doc once I get an idea of whether
+               or not a patch will be made available.
 
 UNADDRESSED ISSUES: