From: Jeff Trawick <trawick@apache.org>
Date: Thu, 2 Jul 2009 17:22:54 +0000 (+0000)
Subject: CVE-2009-1890
X-Git-Tag: 2.2.12~72
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=39f67e8816c622eb286fe09bd33bf32ac00ebc3f;p=thirdparty%2Fapache%2Fhttpd.git

CVE-2009-1890
(tests out okay on 2.2.x with Joe's new testcase, but I'll try to look at it
a little more before voting)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@790690 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/STATUS b/STATUS
index 5c13f6f5f7d..b801d192177 100644
--- a/STATUS
+++ b/STATUS
@@ -82,6 +82,14 @@ CURRENT RELEASE NOTES:
 
 RELEASE SHOWSTOPPERS:
 
+ * SECURITY: CVE-2009-1890 (cve.mitre.org)
+   Fix a potential Denial-of-Service attack against mod_proxy in a
+   reverse proxy configuration, where a remote attacker can force a
+   proxy process to consume CPU time indefinitely.  [Nick Kew, Joe Orton]
+   Trunk version of patch works: 
+       http://svn.apache.org/viewvc?view=rev&revision=790587
+   +1: 
+
  * additional (mod_perl test suite) OPT_INCLUDES compatibility
    trunk: N/A
    2.2.x patch: http://people.apache.org/~trawick/mod_perl_more_compat.txt