From: Ruediger Pluem Date: Tue, 10 Jul 2007 06:25:28 +0000 (+0000) Subject: * Summarize, vote and promote X-Git-Tag: 2.0.60~27 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2bf7e63beac3a217168aa1475e05aaa1f2571428;p=thirdparty%2Fapache%2Fhttpd.git * Summarize, vote and promote git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@554845 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/STATUS b/STATUS index d0667503fe6..997f4dc8638 100644 --- a/STATUS +++ b/STATUS @@ -114,6 +114,24 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] + *) SECURITY: CVE-2007-1863 (cve.mitre.org) + mod_cache: Prevent segfault from Cache-Control headers with no + values + Trunk version of patch: + http://svn.apache.org/viewvc?view=rev&rev=535617 + 2.0.x version of patch: + http://people.apache.org/~mjc/cve-2007-1863-2.0.patch + +1: mjc, rpluem, jorton + + * SECURITY: CVE-2007-3304 + scoreboard pid protection fixes -- the only fix for 2.0.x is + to ensure a valid positive pid is passed to apr_proc_wait(); + the MPMs do not kill children directly as in 2.2.x. + trunk commit: + http://svn.apache.org/viewvc?view=rev&rev=551843 + patch for 2.0.x: + http://people.apache.org/~jorton/httpd-2.0.x-CVE-2007-3304.patch + +1: jorton, jim, rpluem PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ please place SVN revisions from trunk here, so it is easy to 
@@ -146,28 +164,10 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: http://svn.apache.org/viewvc?view=rev&rev=520733 +1: wrowe - * SECURITY: CVE-2007-3304 - scoreboard pid protection fixes -- the only fix for 2.0.x is - to ensure a valid positive pid is passed to apr_proc_wait(); - the MPMs do not kill children directly as in 2.2.x. - trunk commit: - http://svn.apache.org/viewvc?view=rev&rev=551843 - patch for 2.0.x: - http://people.apache.org/~jorton/httpd-2.0.x-CVE-2007-3304.patch - +1: jorton, jim - * SECURITY: CVE-2006-5752 mod_status XSS fix for broken browsers: http://svn.apache.org/viewvc?view=rev&rev=549159 - +1: jorton - - * SECURITY: CVE-2007-1863 - mod_cache fix for handling Cache-Control attributes - Trunk version of patch: - http://svn.apache.org/viewvc?view=rev&rev=535617 - 2.0.x version of patch: - http://people.apache.org/~mjc/cve-2007-1863-2.0.patch - +1: jorton + +1: jorton, rpluem PATCHES TO BACKPORT THAT ARE ON HOLD OR NOT GOING ANYWHERE SOON: @@ -324,15 +324,6 @@ PATCHES TO BACKPORT THAT ARE ON HOLD OR NOT GOING ANYWHERE SOON: propogating POST or other non-GET types? It seems that almost any subreq should be handled as a GET in 2.0. - *) SECURITY: CVE-2007-1863 (cve.mitre.org) - mod_cache: Prevent segfault from Cache-Control headers with no - values - Trunk version of patch: - http://svn.apache.org/viewvc?view=rev&rev=535617 - 2.0.x version of patch: - http://people.apache.org/~mjc/cve-2007-1863-2.0.patch - +1: mjc, rpluem - CURRENT VOTES: *) httpd-std.conf and friends;
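Review bot: In the first hunk (@@ -114,6 +114,24) the two entries added under PATCHES ACCEPTED use different bullet markers: CVE-2007-1863 is written with "*)" and a "(cve.mitre.org)" suffix, while CVE-2007-3304 is written with a bare "*". Use one marker for both so that a grep over STATUS for security entries matches them uniformly. The merged vote line for CVE-2007-1863 ("+1: mjc, rpluem, jorton") does combine the tallies of the two duplicate entries removed in the later hunks ("+1: jorton" and "+1: mjc, rpluem"), so nothing is lost there.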
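Review bot: In the second hunk (@@ -146,28 +164,10) the CVE-2006-5752 entry that stays under PATCHES PROPOSED, now with "+1: jorton, rpluem", cites only the trunk revision (rev=549159), whereas both security entries promoted by this commit carry a separate 2.0.x patch link. If the trunk change does not apply cleanly to the 2.0.x branch, add a 2.0.x patch URL to this entry before further votes are collected, so that voters are reviewing the code that will actually be committed.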