point to clean patch for CVE-2011-3368/CVE-2011-4317

I'm fine with proceeding with this in order to have a consistent
solution for 2.0/2.2/2.4, but I should figure out the HTTP 0.9
failure with just the original 3368 patch since we're not supposed
to require the 4317 fix on 2.0.x.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1237406 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/STATUS b/STATUS
index 698439472de9b9c887192c8a30417eccdf1d91f1..c660838eb4b3e4b7321fcef4b2ea9d894ccea2ec 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -154,10 +154,8 @@ RELEASE SHOWSTOPPERS:
               both HTTP 1.0 and HTTP 0.9.
 
      From 2.2.x: http://svn.apache.org/viewvc?view=revision&revision=1235443
-              (sorry, I fitted the minor changes manually into 2.0.64
-              after first applying the original CVE-2011-3368 patch
-              for an intermediate test step; I haven't properly tested
-              patch-ability yet)
+        Individual patches apply with offsets; here's a clean all-in-one:
+        http://people.apache.org/~trawick/2.0-CVE-2011-4317-r1235443.patch
        +1: trawick
 
   *) SECURITY: CVE-2012-0031 (cve.mitre.org)