util.c

Joe Orton Tue, 15 Jul 2014 09:00:43 -0700

On Tue, Jul 15, 2014 at 02:41:44PM +0100, Joe Orton wrote:
> I've stuck it in STATUS.  Any other opinions?


Come on... one more for this, either way?

   * mod_proxy Connection handling crasher, CVE-2014-0117
   trunk patch: http://svn.apache.org/r1610674
   ALTERNATIVE #1
   2.4.x patch: http://people.apache.org/~jorton/CVE-2014-0117-simple.patch
   +1: jorton, jim

   ALTERNATIVE #2
   2.4.x patch: http://people.apache.org/~jorton/2.4.x-CVE-2014-0117_v2.patch 
(ylavic)
   +1: jorton, ylavic
   -0.99: jim (not enough time for a serious review for inclusion in 2.4.10)
   ylavic: works here, and checking RFC compliance if the Connection header
           looks quite important to me.

VOTE PLEASE! Re: svn commit: r1610674 - in /httpd/httpd/trunk: include/ap_mmn.h include/httpd.h modules/proxy/mod_proxy_http.c modules/proxy/proxy_util.c server/util.c

Reply via email to