From a68d5b6201460457319298aff195d104ae7f073b Mon Sep 17 00:00:00 2001
From: Jeff Trawick <trawick@apache.org>
Date: Fri, 20 Jan 2012 14:21:28 +0000
Subject: [PATCH] alternative solution for CVE-2011-4317

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1233920 13f79535-47bb-0310-9956-ffa450edef68
---
 STATUS | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/STATUS b/STATUS
index 1ccab684d1b..eece6e924ea 100644
--- a/STATUS
+++ b/STATUS
@@ -150,9 +150,12 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
            should be much faster than a callout to strcmp.
     wrowe: Shouldn't this all simply be handled with an error result from
            apr_uri_parse?
-    trawick: leaning towards (b) with wrowe's tweak above, to let other mods
-           decide whether to handle odd URIs with core hook failing it if it got
-           that far
+    trawick: valid URIs can be used to exploit this, so apr_uri_parse() won't help
+
+    Plan (b) from mail discussion above
+      Adds trunk revision 1233604
+      2.2.x patch: http://people.apache.org/~trawick/CVE-2011-4317-2.2.x.txt
+    +1: trawick
 
   * mod_proxy: cure size_t abuse part 1, backport relevant bits of r1227856,
     Specifically normalizes ap_proxy_string_read so that the prototype
-- 
2.47.2