On Mon, Jul 06, 2009 at 08:07:39AM -0400, Jeff Trawick wrote: > On Mon, Jul 6, 2009 at 8:03 AM, <[email protected]> wrote: > > URL: http://svn.apache.org/viewvc?rev=791454&view=rev > > Log: > > SECURITY: CVE-2009-1891 (cve.mitre.org) > > Fix a potential Denial-of-Service attack against mod_deflate or other > > modules, by forcing the server to consume CPU time in compressing a > > large file after a client disconnects. [Joe Orton, Ruediger Pluem] > > One of the patches was for > https://issues.apache.org/bugzilla/show_bug.cgi?id=39605, although that has > a different symptom. (See comment in > http://svn.apache.org/viewvc?view=rev&revision=521681.) 39605 isn't marked > complete or listed in CHANGES. Perhaps this is because more fixes are > needed to address that problem?
Ah, thanks, I meant to add that in but forgot. Yes, PR 39605 should be fixed by these patches. I've updated CHANGES to reflect that now. Regards, Joe
