Add patch... both backport and showstopper.

author Jim Jagielski <jim@apache.org>

Wed, 5 Oct 2011 18:38:32 +0000 (18:38 +0000)

committer Jim Jagielski <jim@apache.org>

Wed, 5 Oct 2011 18:38:32 +0000 (18:38 +0000)
author Jim Jagielski <jim@apache.org>
Wed, 5 Oct 2011 18:38:32 +0000 (18:38 +0000)
committer Jim Jagielski <jim@apache.org>
Wed, 5 Oct 2011 18:38:32 +0000 (18:38 +0000)
diff --git a/STATUS b/STATUS

index 0af1d06fe2c806cd39dc080a35bb320e7d32bfd2..78e62cefad9896c0a66af833f10af90d822a94ad 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -89,7 +89,11 @@ CURRENT RELEASE NOTES:
  
  RELEASE SHOWSTOPPERS:
  
-
+  * SECURITY (CVE-2011-3368): Prevent unintended pattern expansion in some
+    reverse proxy configurations by strictly validating the request-URI.
+    Trunk patch: http://svn.apache.org/viewvc?rev=1179239&view=rev
+    2.2.x patch: http://www.apache.org/dist/httpd/patches/apply_to_2.2.21/CVE-2011-3368.patch
+    +1:
  
  PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
    [ start all new proposals below, under PATCHES PROPOSED. ]
author	Jim Jagielski <jim@apache.org>
	Wed, 5 Oct 2011 18:38:32 +0000 (18:38 +0000)
committer	Jim Jagielski <jim@apache.org>
	Wed, 5 Oct 2011 18:38:32 +0000 (18:38 +0000)