From: Eric Covener <covener@apache.org>
Date: Mon, 14 Jul 2014 20:46:42 +0000 (+0000)
Subject: propose CVE-2014-0231
X-Git-Tag: 2.2.28~55
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=052e6d787c7494646d0d9b03e50e918f140f5f62;p=thirdparty%2Fapache%2Fhttpd.git

propose CVE-2014-0231


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1610519 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/STATUS b/STATUS
index 505b5e6dbeb..98c3056025e 100644
--- a/STATUS
+++ b/STATUS
@@ -114,6 +114,17 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
 
+   * SECURITY: CVE-2014-0231 
+       mod_cgid: Fix a denial of service against CGI scripts that do
+       not consume stdin that could lead to lingering HTTPD child processes
+       filling up the scoreboard and eventually hanging the server.
+       [Rainer Jung, Eric Covener, Yann Ylavic]
+
+     trunk patch: http://svn.apache.org/r1610509 
+                  http://svn.apache.org/r1535125  
+     2.2.x patch: http://people.apache.org/~covener/patches/httpd-2.2.x-cgid-script_timeout.diff
+     +1: covener
+
    * mod_proxy: Don't reuse a SSL backend connection whose SNI differs. PR 55782.
                 This may happen when ProxyPreserveHost is on and the proxy-worker
                 handles connections to different Hosts.