On Wed, May 12, 2010 at 7:28 PM, <[email protected]> wrote: > Author: pgollucci > Date: Wed May 12 23:28:53 2010 > New Revision: 943749 > > URL: http://svn.apache.org/viewvc?rev=943749&view=rev > Log: > vote > > Modified: > httpd/httpd/branches/2.0.x/STATUS > > Modified: httpd/httpd/branches/2.0.x/STATUS > URL: > http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/STATUS?rev=943749&r1=943748&r2=943749&view=diff > ============================================================================== > --- httpd/httpd/branches/2.0.x/STATUS (original) > +++ httpd/httpd/branches/2.0.x/STATUS Wed May 12 23:28:53 2010 > @@ -172,7 +172,7 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: > http://svn.apache.org/viewvc?rev=833622&view=rev > Backport version for 2.0.x of patch (Updated with backport of r881222): > > http://people.apache.org/~rjung/patches/cve-2009-3555_httpd_2_0_x-v2.patch > - +1: rjung, rpluem > + +1: rjung, rpluem, pgollucci (+1 2.0.64 w/ this) > > * mod_ssl: Further mitigation for the TLS renegotation attack, CVE-2009-3555 > Trunk version of patch: > @@ -183,7 +183,7 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: > > http://people.apache.org/~rjung/patches/cve-2009-3555_httpd_2_0_x-backport-r891282.patch > Patch applies also on top of above partial fix for CVE-2009-3555 > with some offset. > - +1: rjung > + +1: rjung, pgollucci (+1 2.0.64 w/ this) > > * mod_ssl: Implement SSLInsecureRenegotiation > Trunk version of patch: > @@ -200,28 +200,31 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: > > http://people.apache.org/~rjung/patches/SSLInsecureRenegotiation_httpd_2_0_x-backport-r917044.patch > Patch applies also on top of the two above partial fixes for CVE-2009-3555 > with some offset and fuzz. > - +1: rjung > + +1: rjung, pgollucci (+1 2.0.64 w/ this) > > * mod_proxy_ftp, CVE-2009-3094, NULL pointer dereference on error paths > Patch in 2.2.x branch: > http://svn.apache.org/viewvc?view=revision&revision=814844 > Backport: > http://people.apache.org/~trawick/CVE-2009-3094-2.0.txt > - +1: > + +1: pgollucci > + PG: whomever proposed this should vote for it
Perhaps... As I said in my commit: "I haven't properly reviewed/tested these yet myself, but I'd guess that some among us may be in a good position to review. (And I should get to it eventually.)" Being more explicit about "good position to review:" There are probably devs here who have already made the patch determination, tested the fix on 2.0.x, and delivered it to their users.
