On Tue, Jul 15, 2014 at 02:41:44PM +0100, Joe Orton wrote: > I've stuck it in STATUS. Any other opinions?
Come on... one more for this, either way? * mod_proxy Connection handling crasher, CVE-2014-0117 trunk patch: http://svn.apache.org/r1610674 ALTERNATIVE #1 2.4.x patch: http://people.apache.org/~jorton/CVE-2014-0117-simple.patch +1: jorton, jim ALTERNATIVE #2 2.4.x patch: http://people.apache.org/~jorton/2.4.x-CVE-2014-0117_v2.patch (ylavic) +1: jorton, ylavic -0.99: jim (not enough time for a serious review for inclusion in 2.4.10) ylavic: works here, and checking RFC compliance if the Connection header looks quite important to me.