CVE-2011-3348: nothing to fix, original problem

only applied to mod_proxy_ajp which does not
exist in 2.0.x.

CVE-2010-2068: added comment. I think nothing
to fix either, but mor eeyes welcome.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1237644 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/STATUS b/STATUS
index c660838eb4b3e4b7321fcef4b2ea9d894ccea2ec..c86be09bcb91a6ba685ba787f38cfab1822cfeb2 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -122,16 +122,15 @@ RELEASE SHOWSTOPPERS:
     2.0.x patch: http://people.apache.org/~jim/patches/2.0-byterange0-.txt
     +1: jim, rjung, wrowe
 
-  * Backport jorton's work on backstopping unrooted URI's (regex protection)
-    and any mod_rewrite example corrections.
+  *) Backport jorton's work on backstopping unrooted URI's (regex protection)
+     and any mod_rewrite example corrections.
 
   *) SECURITY: CVE-2010-2068 (cve.mitre.org)
      mod_proxy_ajp, mod_proxy_http, mod_reqtimeout: Fix timeout detection
      for platforms Windows, Netware and OS2.  PR: 49417. [Rainer Jung]
-
-  *) SECURITY: CVE-2011-3348 (cve.mitre.org)
-     mod_proxy_ajp: Respond with HTTP_NOT_IMPLEMENTED when the method is not
-     recognized.  [Jean-Frederic Clere]
+     rjung: mod_proxy_ajp and mod_reqtimeout don't apply for 2.0.x
+            I checked proxy_http and could not find a code path to fix.
+            More eyes welcome.
 
   *) SECURITY: CVE-2011-3607 (cve.mitre.org)
      Fix integer overflow in ap_pregsub() which, when the mod_setenvif module