Propose CVE-2008-2364 patch for 2.2.9

author Jim Jagielski <jim@apache.org>

Tue, 10 Jun 2008 15:33:04 +0000 (15:33 +0000)

committer Jim Jagielski <jim@apache.org>

Tue, 10 Jun 2008 15:33:04 +0000 (15:33 +0000)
author Jim Jagielski <jim@apache.org>
Tue, 10 Jun 2008 15:33:04 +0000 (15:33 +0000)
committer Jim Jagielski <jim@apache.org>
Tue, 10 Jun 2008 15:33:04 +0000 (15:33 +0000)
diff --git a/STATUS b/STATUS

index c12189b61d044bdb34749b930b897146d0ed625b..c065cea3eb5ec3af2441902c432a8c3294bdb5b6 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -130,6 +130,15 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
     -1: niq - strcasecmp(NULL, ...) when secure is not set
     rpluem: Good catch. Should be fixed by r660461.
  
+ * mod_proxy_http: Handle interim responses better to avoid
+   excessive memory usage and potential denial of service
+   CVE-2008-2364
+   Trunk version of patch:
+         http://svn.apache.org/viewvc?view=rev&revision=666154
+   Backport version for 2.2.x of patch:
+         Trunk version of patch works
+   +1: jim
+
  PATCHES/ISSUES THAT ARE STALLED
  
     * beos MPM: Create pmain pool and run modules' child_init hooks when
author	Jim Jagielski <jim@apache.org>
	Tue, 10 Jun 2008 15:33:04 +0000 (15:33 +0000)
committer	Jim Jagielski <jim@apache.org>
	Tue, 10 Jun 2008 15:33:04 +0000 (15:33 +0000)