I don't have that checked out. Record +1's from me. On 2/1/2012 8:41 AM, traw...@apache.org wrote: > Author: trawick > Date: Wed Feb 1 14:41:59 2012 > New Revision: 1239151 > > URL: http://svn.apache.org/viewvc?rev=1239151&view=rev > Log: > wrowe seemed interested in publishing patches, and the current > text for CVE-2011-3368 implies that a patch will be made available > > any other interested parties? > > Modified: > httpd/httpd/branches/1.3.x/STATUS > > Modified: httpd/httpd/branches/1.3.x/STATUS > URL: > http://svn.apache.org/viewvc/httpd/httpd/branches/1.3.x/STATUS?rev=1239151&r1=1239150&r2=1239151&view=diff > ============================================================================== > --- httpd/httpd/branches/1.3.x/STATUS (original) > +++ httpd/httpd/branches/1.3.x/STATUS Wed Feb 1 14:41:59 2012 > @@ -59,6 +59,19 @@ Release: > > ** THIS BRANCH IS CLOSED TO DEVELOPMENT AND MAINTENANCE ** > > +POST-RETIREMENT SECURITY PATCHES: > + > + (for distribution in the official patches directory) > + > + *) CVE-2011-3368/CVE-2011-4317 > + http://people.apache.org/~trawick/1.3-CVE-2011-4317-r1235443.patch > + +1: trawick > + > + *) CVE-2012-0053 > + http://people.apache.org/~trawick/1.3-CVE-2012-0053-r1234837.patch > + +1: trawick > + trawick: I'll update the security doc once I get an idea of whether > + or not a patch will be made available. > > UNADDRESSED ISSUES: > > > >