git.ipfire.org Git - thirdparty/apache/httpd.git/commitdiff
Comment
author Rainer Jung <rjung@apache.org>
Fri, 15 Feb 2013 19:28:26 +0000 (19:28 +0000)
committer Rainer Jung <rjung@apache.org>
Fri, 15 Feb 2013 19:28:26 +0000 (19:28 +0000)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1446736 13f79535-47bb-0310-9956-ffa450edef68

STATUS

diff --git a/STATUS b/STATUS
index 1b4ec68aaf91f0cc55ce5793af33251f85cfd2b7..959f95d21c67578c980a75c1bde37e8d7996968c 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -204,6 +204,11 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
      +1: rjung
      rpluem says: Now t/security/CVE-2005-3352.t fails. Not sure if this is a real
      regression or if just the test is wrong, but this should be investigated.
+     rjung: The test sends a Referer '">http://fish/'.
+            The original code returns '<a href="http://IP/&quot;&gt;http://fish/">'
+            The patched code returns  '<a href="http://IP/%22%3ehttp://fish/">'
+            This seems to be even better IMHO. 2.4 also returns the percent encoded
+            variant, so the test should fail there as well.
 
 PATCHES/ISSUES THAT ARE STALLED
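Review bot: the added rjung reply ends with "so the test should fail there as well", which reads as an inference about 2.4 rather than an observed result, and it leaves rpluem's request to investigate t/security/CVE-2005-3352.t without a stated outcome. Suggest saying whether the test was actually run against 2.4, and recording the follow-up explicitly, for example that the test's expected output needs to accept the percent-encoded '%22%3e' form as well as '&quot;&gt;'. It would also help to replace "even better IMHO" with the reason: in both quoted outputs neither the '"' nor the '>' from the Referer appears literally inside the href value, so the entry should state what makes the percent-encoded variant preferable.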