On 3/9/2010 2:51 PM, Joe Orton wrote: > On Tue, Mar 09, 2010 at 02:43:08PM -0600, William Rowe wrote: >> On 3/9/2010 11:15 AM, Jeff Trawick wrote: >>> On Tue, Mar 9, 2010 at 11:52 AM, <[email protected]> wrote: >>>> Author: wrowe >>>> Date: Tue Mar 9 11:52:32 2010 >>>> New Revision: 113 >>>> >>>> Log: >>>> For 2.0 patch available, note different line numbers >>> >>> I will continue working on the related vulnerabilities-httpd.xml >>> update unless you've already started ;) >> >> Be my guest, I was just moving the single entry and see you had jumped >> into the 2.0 security report xml. I was just going back over source code >> to verify the age of the flaw. > > Has anybody looked into whether CVE-2010-0434 affects 2.0.x too, on the > subject of security and 2.0.x? The r->headers_in table issue looks the > same but I didn't manage to get a test case working for 2.2.x to be able > to reproduce it.
Yes, but the patch is trivial. See the next status commit. If accepted I'll be happy to add to apply_to_2.0.63
