Propose two.

author Joe Orton <jorton@apache.org>

Fri, 29 Jun 2007 17:05:59 +0000 (17:05 +0000)

committer Joe Orton <jorton@apache.org>

Fri, 29 Jun 2007 17:05:59 +0000 (17:05 +0000)
author Joe Orton <jorton@apache.org>
Fri, 29 Jun 2007 17:05:59 +0000 (17:05 +0000)
committer Joe Orton <jorton@apache.org>
Fri, 29 Jun 2007 17:05:59 +0000 (17:05 +0000)
diff --git a/STATUS b/STATUS

index 779ec89abd70e24a8b5fe86989d3e30c0b6d4d52..b7dd7e49f5fe4eda96edaafdc969c69d95d6f9eb 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -146,6 +146,21 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
         http://svn.apache.org/viewvc?view=rev&rev=520733
         +1: wrowe
  
+    * SECURITY: CVE-2007-3304
+      scoreboard pid protection fixes -- the only fix for 2.0.x is
+      to ensure a valid positive pid is passed to apr_proc_wait(); 
+      the MPMs do not kill children directly as in 2.2.x.
+      trunk commit:
+        http://svn.apache.org/viewvc?view=rev&rev=551843
+      patch for 2.0.x:
+        http://people.apache.org/~jorton/httpd-2.0.x-CVE-2007-3304.patch
+      +1: jorton
+
+    * SECURITY: CVE-2006-5752
+      mod_status XSS fix for broken browsers:
+        http://svn.apache.org/viewvc?view=rev&rev=549159
+      +1: jorton
+
  PATCHES TO BACKPORT THAT ARE ON HOLD OR NOT GOING ANYWHERE SOON:
  
      *) mod_headers: Support {...}s tag for SSL variable lookup.
author	Joe Orton <jorton@apache.org>
	Fri, 29 Jun 2007 17:05:59 +0000 (17:05 +0000)
committer	Joe Orton <jorton@apache.org>
	Fri, 29 Jun 2007 17:05:59 +0000 (17:05 +0000)