From: Jeff Trawick Date: Wed, 26 Jun 2013 16:13:24 +0000 (+0000) Subject: 2v+p X-Git-Tag: 2.0.65~14 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eb608f61c21894fe8796735c578a3c9c2f6de677;p=thirdparty%2Fapache%2Fhttpd.git 2v+p git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1496986 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/STATUS b/STATUS index 11da568cafa..ac7a6c4a1db 100644 --- a/STATUS +++ b/STATUS @@ -118,6 +118,12 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] + * mod_rewrite: (CVE-2013-1862 (cve.mitre.org)) Ensure that client data + written to the RewriteLog is escaped to prevent terminal escape sequences + from entering the log file. [Joe Orton] + http://svn.apache.org/viewvc?view=revision&revision=1482349 + 2.0.x: http://people.apache.org/~covener/patches/2.0.x-rewritelog.diff + +1: wrowe, covener, trawick PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ please place SVN revisions from trunk here, so it is easy to @@ -139,14 +145,10 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: template to a branch which people shouldn't be deploying in the first place. I'm +1 on the -SSLv2 change alone, e.g. http://people.apache.org/~wrowe/2.0-ssl-noV2.patch ] - - * mod_rewrite: (CVE-2013-1862 (cve.mitre.org)) Ensure that client data - written to the RewriteLog is escaped to prevent terminal escape sequences - from entering the log file. [Joe Orton] - http://svn.apache.org/viewvc?view=revision&revision=1482349 - 2.0.x: http://people.apache.org/~covener/patches/2.0.x-rewritelog.diff - +1: wrowe, covener + * Alternate: -SSLv2 change alone + http://people.apache.org/~wrowe/2.0-ssl-noV2.patch + +1: wrowe, trawick PATCHES TO BACKPORT THAT ARE ON HOLD OR NOT GOING ANYWHERE SOON: