Propose fix for CVE-2014-3583.

author Yann Ylavic <ylavic@apache.org>

Wed, 12 Nov 2014 15:54:11 +0000 (15:54 +0000)

committer Yann Ylavic <ylavic@apache.org>

Wed, 12 Nov 2014 15:54:11 +0000 (15:54 +0000)
author Yann Ylavic <ylavic@apache.org>
Wed, 12 Nov 2014 15:54:11 +0000 (15:54 +0000)
committer Yann Ylavic <ylavic@apache.org>
Wed, 12 Nov 2014 15:54:11 +0000 (15:54 +0000)
diff --git a/STATUS b/STATUS

index e2f4e7bcc0416570b6c779f009a074eb3b5312a1..3784e383460e750973a442431b0eca0c1af8b6e6 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -107,6 +107,12 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
  PATCHES PROPOSED TO BACKPORT FROM TRUNK:
    [ New proposals should be added at the end of the list ]
  
+   * SECURITY: CVE-2014-3583 (cve.mitre.org)
+     mod_proxy_fcgi: Fix a potential crash with response headers' size above 8K.
+     trunk patch: http://svn.apache.org/r1638818
+     2.4.x patch: trunk works (modulo CHANGES)
+     +1: ylavic
+
     * mod_proxy: Preserve original request headers even if they differ
                  from the ones to be forwarded to the backend. PR 45387.
       trunk patch: http://svn.apache.org/r1588527
author	Yann Ylavic <ylavic@apache.org>
	Wed, 12 Nov 2014 15:54:11 +0000 (15:54 +0000)
committer	Yann Ylavic <ylavic@apache.org>
	Wed, 12 Nov 2014 15:54:11 +0000 (15:54 +0000)