From: Eric Covener <covener@apache.org>
Date: Mon, 6 Aug 2007 17:42:12 +0000 (+0000)
Subject: propose CVE-2007-3847 for backport
X-Git-Tag: 2.0.60~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bfc01bfb882dc04757c355fb0ce67dca69b26e84;p=thirdparty%2Fapache%2Fhttpd.git

propose CVE-2007-3847 for backport



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@563203 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/STATUS b/STATUS
index 114d56541ab..8617802b36f 100644
--- a/STATUS
+++ b/STATUS
@@ -142,6 +142,14 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
          http://svn.apache.org/viewcvs.cgi?rev=102870&view=rev
        +1: wrowe, colm
 
+    *) SECURITY: CVE-2007-3847
+       mod_proxy: Prevent reading past the end of a buffer when parsing
+       date-related headers.  PR 41144.
+         2.2.x: http://svn.apache.org/viewvc?view=rev&revision=563198
+         2.0.x: http://people.apache.org/~covener/proxy-util-20x.patch
+            (Same as 2.2 but removed lines have hard tabs)
+       +1: covener
+
 PATCHES TO BACKPORT THAT ARE ON HOLD OR NOT GOING ANYWHERE SOON:
 
     *) mod_headers: Support {...}s tag for SSL variable lookup.