From: Jeff Trawick <trawick@apache.org>
Date: Sun, 29 Jan 2012 18:20:06 +0000 (+0000)
Subject: point to clean patch for CVE-2011-3368/CVE-2011-4317
X-Git-Tag: 2.0.65~87
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a740662f7d14ffde5b13a09d3686ddb8c6de7e96;p=thirdparty%2Fapache%2Fhttpd.git

point to clean patch for CVE-2011-3368/CVE-2011-4317

I'm fine with proceeding with this in order to have a consistent
solution for 2.0/2.2/2.4, but I should figure out the HTTP 0.9
failure with just the original 3368 patch since we're not supposed
to require the 4317 fix on 2.0.x.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1237406 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/STATUS b/STATUS
index 698439472de..c660838eb4b 100644
--- a/STATUS
+++ b/STATUS
@@ -154,10 +154,8 @@ RELEASE SHOWSTOPPERS:
               both HTTP 1.0 and HTTP 0.9.
 
      From 2.2.x: http://svn.apache.org/viewvc?view=revision&revision=1235443
-              (sorry, I fitted the minor changes manually into 2.0.64
-              after first applying the original CVE-2011-3368 patch
-              for an intermediate test step; I haven't properly tested
-              patch-ability yet)
+        Individual patches apply with offsets; here's a clean all-in-one:
+        http://people.apache.org/~trawick/2.0-CVE-2011-4317-r1235443.patch
        +1: trawick
 
   *) SECURITY: CVE-2012-0031 (cve.mitre.org)