From: Jeff Trawick Date: Sun, 29 Jan 2012 00:11:09 +0000 (+0000) Subject: 3368/4317 notes/proposal X-Git-Tag: 2.0.65~88 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1ccc0dce3d0642f6813a8bc0c8daf18818b21166;p=thirdparty%2Fapache%2Fhttpd.git 3368/4317 notes/proposal git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1237185 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/STATUS b/STATUS index d04e7013378..698439472de 100644 --- a/STATUS +++ b/STATUS @@ -146,6 +146,20 @@ RELEASE SHOWSTOPPERS: backend network exposure in some configurations. [Joe Orton] + trawick: Applying the existing 2.0.x patch for CVE-2011-3368 to + 2.0.64, the three well-known testcases work for HTTP 1.0 + but fail with HTTP 0.9; after applying r1235443 (backing + out the server/protocol.c change and fixing rewrite and + proxy), the three well-known testcases work for me with + both HTTP 1.0 and HTTP 0.9. + + From 2.2.x: http://svn.apache.org/viewvc?view=revision&revision=1235443 + (sorry, I fitted the minor changes manually into 2.0.64 + after first applying the original CVE-2011-3368 patch + for an intermediate test step; I haven't properly tested + patch-ability yet) + +1: trawick + *) SECURITY: CVE-2012-0031 (cve.mitre.org) Fix scoreboard issue which could allow an unprivileged child process could cause the parent to crash at shutdown rather than terminate
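Review bot: In the added trawick entry, the proposal links only the 2.2.x revision (r1235443), while the note itself says the changes were "fitted ... manually into 2.0.64" and that patch-ability has not been properly tested, so a voter has no 2.0.x diff to review or to reproduce the result with. Suggest attaching or linking the actual 2.0.x backport next to the "From 2.2.x:" line, and naming or linking the "three well-known testcases" so the HTTP 0.9 versus HTTP 1.0 outcome can be rechecked independently. It would also help to state exactly what the "+1: trawick" covers, since the text describes two states (the original CVE-2011-3368 patch alone, then r1235443 applied on top), and the subject mentions 4317 while the added lines only discuss CVE-2011-3368.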