[PATCH] did I understand the mod_cgid fix properly?

Jeff Trawick Mon, 14 Jul 2014 14:19:27 -0700

Index: CHANGES
===================================================================
--- CHANGES (revision 1610531)
+++ CHANGES (working copy)
@@ -16,8 +16,10 @@
   *) SECURITY: CVE-2014-0231 (cve.mitre.org)
      mod_cgid: Fix a denial of service against CGI scripts that do
      not consume stdin that could lead to lingering HTTPD child processes
-     filling up the scoreboard and eventually hanging the server. Adds
-     "CGIDScriptTimeout" directive.
+     filling up the scoreboard and eventually hanging the server.  By
+     default, the client I/O timeout (Timeout directive) now applies to
+     communication with scripts.  The CGIDScriptTimeout directive can be
+     used to set a different timeout for communication with scripts.
      [Rainer Jung, Eric Covener, Yann Ylavic]


   *) mod_ssl: Extend the scope of SSLSessionCacheTimeout to sessions


Make sense?

-- 
Born in Roswell... married an alien...
http://emptyhammock.com/
http://edjective.org/

[PATCH] did I understand the mod_cgid fix properly?

Reply via email to