From: William A. Rowe Jr <wrowe@apache.org>
Date: Mon, 24 Jun 2013 15:42:38 +0000 (+0000)
Subject: Propose one straighforward security patch
X-Git-Tag: 2.0.65~21
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3f0474df9303a0b4144af4afae91fbf772d4c110;p=thirdparty%2Fapache%2Fhttpd.git

Propose one straighforward security patch

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1496100 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/STATUS b/STATUS
index f47a4eaad7d..fb7c7dc7d01 100644
--- a/STATUS
+++ b/STATUS
@@ -114,6 +114,9 @@ CURRENT RELEASE NOTES:
 
 RELEASE SHOWSTOPPERS:
 
+  *) SECURITY:
+
+
   *) SECURITY: CVE-2011-4317 (cve.mitre.org)
      Resolve additional cases of URL rewriting with ProxyPassMatch or
      RewriteRule, where particular request-URIs could result in undesired
@@ -195,6 +198,13 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
      +1: rjung
      -1: 
 
+   * mod_rewrite: (CVE-2013-1862 (cve.mitre.org)) Ensure that client data
+     written to the RewriteLog is escaped to prevent terminal escape sequences
+     from entering the log file. [Joe Orton]
+     http://svn.apache.org/viewvc?view=revision&revision=1482349
+     2.0.x patch: http://people.apache.org/~wrowe/mod_rewrite-r1482349.patch
+     +1: wrowe
+     -1: 
 
 PATCHES TO BACKPORT THAT ARE ON HOLD OR NOT GOING ANYWHERE SOON: