From eb608f61c21894fe8796735c578a3c9c2f6de677 Mon Sep 17 00:00:00 2001 From: Jeff Trawick Date: Wed, 26 Jun 2013 16:13:24 +0000 Subject: 2v+p git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1496986 13f79535-47bb-0310-9956-ffa450edef68 --- STATUS | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/STATUS b/STATUS index 11da568caf..ac7a6c4a1d 100644 --- a/STATUS +++ b/STATUS @@ -118,6 +118,12 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] + * mod_rewrite: (CVE-2013-1862 (cve.mitre.org)) Ensure that client data + written to the RewriteLog is escaped to prevent terminal escape sequences + from entering the log file. [Joe Orton] + http://svn.apache.org/viewvc?view=revision&revision=1482349 + 2.0.x: http://people.apache.org/~covener/patches/2.0.x-rewritelog.diff + +1: wrowe, covener, trawick PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ please place SVN revisions from trunk here, so it is easy to @@ -139,14 +145,10 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: template to a branch which people shouldn't be deploying in the first place. I'm +1 on the -SSLv2 change alone, e.g. http://people.apache.org/~wrowe/2.0-ssl-noV2.patch ] - - * mod_rewrite: (CVE-2013-1862 (cve.mitre.org)) Ensure that client data - written to the RewriteLog is escaped to prevent terminal escape sequences - from entering the log file. [Joe Orton] - http://svn.apache.org/viewvc?view=revision&revision=1482349 - 2.0.x: http://people.apache.org/~covener/patches/2.0.x-rewritelog.diff - +1: wrowe, covener + * Alternate: -SSLv2 change alone + http://people.apache.org/~wrowe/2.0-ssl-noV2.patch + +1: wrowe, trawick PATCHES TO BACKPORT THAT ARE ON HOLD OR NOT GOING ANYWHERE SOON: -- cgit v1.2.1