From: Joe Orton <jorton@apache.org>
Date: Mon, 14 Sep 2009 19:49:52 +0000 (+0000)
Subject: Propose -3094/-3095 fixes.
X-Git-Tag: 2.2.14~50
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ad31b769f041afad25bfc01efa546cbb5e758b76;p=thirdparty%2Fapache%2Fhttpd.git

Propose -3094/-3095 fixes.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@814808 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/STATUS b/STATUS
index c0e1f261741..7bcf241c134 100644
--- a/STATUS
+++ b/STATUS
@@ -86,6 +86,19 @@ RELEASE SHOWSTOPPERS:
   (https://issues.apache.org/bugzilla/show_bug.cgi?id=47645) which can cause
   httpd to hang on Solaris 10 when using event ports.
 
+  * CVE-2009-3094: mod_proxy_ftp NULL pointer dereference on error paths
+    Trunk patch:
+      http://svn.apache.org/viewvc?view=rev&revision=814652
+      http://svn.apache.org/viewvc?view=rev&revision=814785
+    2.2.x patch:
+      http://people.apache.org/~jorton/CVE-2009-3094.diff
+    +1: jorton
+
+  * CVE-2009-3095: mod_proxy_ftp sanity check authn credentials
+    Trunk/2.2.x patch:
+      http://svn.apache.org/viewvc?view=rev&revision=814045
+    +1: jorton
+
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]