Propose -3094/-3095 fixes.

author Joe Orton <jorton@apache.org>

Mon, 14 Sep 2009 19:49:52 +0000 (19:49 +0000)

committer Joe Orton <jorton@apache.org>

Mon, 14 Sep 2009 19:49:52 +0000 (19:49 +0000)
author Joe Orton <jorton@apache.org>
Mon, 14 Sep 2009 19:49:52 +0000 (19:49 +0000)
committer Joe Orton <jorton@apache.org>
Mon, 14 Sep 2009 19:49:52 +0000 (19:49 +0000)
diff --git a/STATUS b/STATUS

index c0e1f26174163849fc6f0445590e01c5ebbaf5d9..7bcf241c134de4576b68b770e6003a1607f3483c 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -86,6 +86,19 @@ RELEASE SHOWSTOPPERS:
    (https://issues.apache.org/bugzilla/show_bug.cgi?id=47645) which can cause
    httpd to hang on Solaris 10 when using event ports.
  
+  * CVE-2009-3094: mod_proxy_ftp NULL pointer dereference on error paths
+    Trunk patch:
+      http://svn.apache.org/viewvc?view=rev&revision=814652
+      http://svn.apache.org/viewvc?view=rev&revision=814785
+    2.2.x patch:
+      http://people.apache.org/~jorton/CVE-2009-3094.diff
+    +1: jorton
+
+  * CVE-2009-3095: mod_proxy_ftp sanity check authn credentials
+    Trunk/2.2.x patch:
+      http://svn.apache.org/viewvc?view=rev&revision=814045
+    +1: jorton
+
  PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
    [ start all new proposals below, under PATCHES PROPOSED. ]
author	Joe Orton <jorton@apache.org>
	Mon, 14 Sep 2009 19:49:52 +0000 (19:49 +0000)
committer	Joe Orton <jorton@apache.org>
	Mon, 14 Sep 2009 19:49:52 +0000 (19:49 +0000)