On Mon, Jul 6, 2009 at 8:03 AM, <[email protected]> wrote: > Author: trawick > Date: Mon Jul 6 12:03:20 2009 > New Revision: 791454 > > URL: http://svn.apache.org/viewvc?rev=791454&view=rev > Log: > SECURITY: CVE-2009-1891 (cve.mitre.org) > Fix a potential Denial-of-Service attack against mod_deflate or other > modules, by forcing the server to consume CPU time in compressing a > large file after a client disconnects. [Joe Orton, Ruediger Pluem]
One of the patches was for https://issues.apache.org/bugzilla/show_bug.cgi?id=39605, although that has a different symptom. (See comment in http://svn.apache.org/viewvc?view=rev&revision=521681.) 39605 isn't marked complete or listed in CHANGES. Perhaps this is because more fixes are needed to address that problem?
