On 10/7/2010 2:29 PM, [email protected] wrote: > Author: wrowe > Date: Thu Oct 7 19:29:25 2010 > New Revision: 1005584 > > URL: http://svn.apache.org/viewvc?rev=1005584&view=rev > Log: > Pick up CVE-2010-1623 with this enhancement. One more pair of eyeballs > please? > > Modified: > httpd/httpd/branches/2.2.x/STATUS > > Modified: httpd/httpd/branches/2.2.x/STATUS > URL: > http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1005584&r1=1005583&r2=1005584&view=diff > ============================================================================== > --- httpd/httpd/branches/2.2.x/STATUS (original) > +++ httpd/httpd/branches/2.2.x/STATUS Thu Oct 7 19:29:25 2010 > @@ -144,7 +144,7 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: > Trunk patch: http://svn.apache.org/viewvc?rev=1003626&view=rev > 2.2.x patch: trunk patch works on top of > mod_reqtimeout_up_to_r983116.diff > combined 2.2.x patch: > http://people.apache.org/~sf/mod_reqtimeout-2.2.x-v3.diff > - +1: sf > + +1: sf, wrowe > > * mod_disk_cache: Decline the opportunity to cache if the response is > a 206 Partial Content. This stops a reverse proxied partial response
Folks, as mod_reqtimeout was injected back into 2.2, it seems prudent to stay on top of it, especially w.r.t. CVE's... can we please have another pair of eyeballs on this patch before the 2.2.17 tag? Beyond this I think we are ready for now, it seems to be the last of the low hanging fruit.
