From 39f67e8816c622eb286fe09bd33bf32ac00ebc3f Mon Sep 17 00:00:00 2001
From: Jeff Trawick <trawick@apache.org>
Date: Thu, 2 Jul 2009 17:22:54 +0000
Subject: [PATCH] CVE-2009-1890 (tests out okay on 2.2.x with Joe's new
 testcase, but I'll try to look at it a little more before voting)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@790690 13f79535-47bb-0310-9956-ffa450edef68
---
 STATUS | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/STATUS b/STATUS
index 5c13f6f5f7d..b801d192177 100644
--- a/STATUS
+++ b/STATUS
@@ -82,6 +82,14 @@ CURRENT RELEASE NOTES:
 
 RELEASE SHOWSTOPPERS:
 
+ * SECURITY: CVE-2009-1890 (cve.mitre.org)
+   Fix a potential Denial-of-Service attack against mod_proxy in a
+   reverse proxy configuration, where a remote attacker can force a
+   proxy process to consume CPU time indefinitely.  [Nick Kew, Joe Orton]
+   Trunk version of patch works: 
+       http://svn.apache.org/viewvc?view=rev&revision=790587
+   +1: 
+
  * additional (mod_perl test suite) OPT_INCLUDES compatibility
    trunk: N/A
    2.2.x patch: http://people.apache.org/~trawick/mod_perl_more_compat.txt
-- 
2.47.2