propose patch for CVE-2012-0031 on 2.0.x (older patch wouldn't quite apply)

author Jeff Trawick <trawick@apache.org>

Sat, 28 Jan 2012 20:12:32 +0000 (20:12 +0000)

committer Jeff Trawick <trawick@apache.org>

Sat, 28 Jan 2012 20:12:32 +0000 (20:12 +0000)
author Jeff Trawick <trawick@apache.org>
Sat, 28 Jan 2012 20:12:32 +0000 (20:12 +0000)
committer Jeff Trawick <trawick@apache.org>
Sat, 28 Jan 2012 20:12:32 +0000 (20:12 +0000)
diff --git a/STATUS b/STATUS

index e83042ba11726bec044a222e54a9fc641a65d237..3c636fef144b152a05f033d68e577b3857311556 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -150,6 +150,10 @@ RELEASE SHOWSTOPPERS:
       could cause the parent to crash at shutdown rather than terminate 
       cleanly.  [Joe Orton]
  
+     r1231058 on 2.0.x:
+       http://people.apache.org/~trawick/2.0-CVE-2012-0031-r1231058.patch
+     +1: trawick
+
    *) SECURITY: CVE-2012-0053 (cve.mitre.org)
       Fix an issue in error responses that could expose "httpOnly" cookies
       when no custom ErrorDocument is specified for status code 400.
author	Jeff Trawick <trawick@apache.org>
	Sat, 28 Jan 2012 20:12:32 +0000 (20:12 +0000)
committer	Jeff Trawick <trawick@apache.org>
	Sat, 28 Jan 2012 20:12:32 +0000 (20:12 +0000)