On Fri, Jun 11, 2010 at 4:58 PM, <wr...@apache.org> wrote:
>
> Author: wrowe
> Revision: 953418
> Modified property: svn:log
>
> Modified: svn:log at Fri Jun 11 20:58:40 2010
> ------------------------------------------------------------------------------
> --- svn:log (original)
> +++ svn:log Fri Jun 11 20:58:40 2010
> @@ -1,2 +1,5 @@
>  Use APR_STATUS_IS_TIMEUP instead of direct compare to APR_TIMEUP to
>  be more safe on different platforms.
> +
> +PR: 49417
> +Addresses CVE-2010-2068
>
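
Review bot: the added "Addresses CVE-2010-2068" line names the CVE but does not say which of the commit's changes addresses it, and the summary above it still reads only "more safe on different platforms". Suggest adding a sentence to the log that ties the APR_STATUS_IS_TIMEUP change to the CVE, so the entry can be understood without the PR at hand.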

Would it be accurate to add the following paragraph?  Some folks may
be bewildered that the vulnerability affects only certain platforms
yet the commit that resolves it modifies platform-independent code.

---cut here---
Note: This commit has an additional, platform-independent change to
mark the back-end connection for closing (backend->close = 1;).  That
code is not required to resolve CVE-2010-2068 on any platform.
---cut here---
