From: Jim Jagielski <jim@apache.org>
Date: Tue, 10 Jun 2008 15:33:04 +0000 (+0000)
Subject: Propose CVE-2008-2364 patch for 2.2.9
X-Git-Tag: 2.2.9~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fcab6022505b939de8d9ca51629c2939767e79e6;p=thirdparty%2Fapache%2Fhttpd.git

Propose CVE-2008-2364 patch for 2.2.9


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@666156 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/STATUS b/STATUS
index c12189b61d0..c065cea3eb5 100644
--- a/STATUS
+++ b/STATUS
@@ -130,6 +130,15 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
    -1: niq - strcasecmp(NULL, ...) when secure is not set
    rpluem: Good catch. Should be fixed by r660461.
 
+ * mod_proxy_http: Handle interim responses better to avoid
+   excessive memory usage and potential denial of service
+   CVE-2008-2364
+   Trunk version of patch:
+         http://svn.apache.org/viewvc?view=rev&revision=666154
+   Backport version for 2.2.x of patch:
+         Trunk version of patch works
+   +1: jim
+
 PATCHES/ISSUES THAT ARE STALLED
 
    * beos MPM: Create pmain pool and run modules' child_init hooks when