From: Yann Ylavic Date: Wed, 12 Nov 2014 15:54:11 +0000 (+0000) Subject: Propose fix for CVE-2014-3583. X-Git-Tag: 2.4.11~179 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5698a9356ef205369ba8aaa75c6f58d5fd3c0388;p=thirdparty%2Fapache%2Fhttpd.git Propose fix for CVE-2014-3583. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1638820 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/STATUS b/STATUS index e2f4e7bcc04..3784e383460 100644 --- a/STATUS +++ b/STATUS @@ -107,6 +107,12 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK: PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] + * SECURITY: CVE-2014-3583 (cve.mitre.org) + mod_proxy_fcgi: Fix a potential crash with response headers' size above 8K. + trunk patch: http://svn.apache.org/r1638818 + 2.4.x patch: trunk works (modulo CHANGES) + +1: ylavic + * mod_proxy: Preserve original request headers even if they differ from the ones to be forwarded to the backend. PR 45387. trunk patch: http://svn.apache.org/r1588527
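Review bot: The "2.4.x patch: trunk works (modulo CHANGES)" line in the new STATUS entry leaves the 2.4.x CHANGES text unspecified, so voters cannot see exactly what will be merged for a SECURITY item. Suggest quoting the proposed CHANGES entry or linking a 2.4.x-specific patch next to the r1638818 reference. The entry is also inserted directly under "[ New proposals should be added at the end of the list ]", ahead of the existing mod_proxy proposal. If that placement is deliberate because this is a security fix, say so in the entry; otherwise move it to the end. Finally, "a potential crash with response headers' size above 8K" does not say what kind of fault it is or whether the backend controls the triggering headers; one more clause would help reviewers judge the backport's urgency.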