Hi Apache folks--

Just a heads-up to let you know that i've requested a CVE for mod_fcgid's 2.3.6 (the current release) due to possible DoS based on the module not respecting administrator-configured limits:

 http://www.openwall.com/lists/oss-security/2012/03/15/10

The issue is fixed in r1037727, but apparently not yet released.

The issue is also in the bugtracker as:

 https://issues.apache.org/bugzilla/show_bug.cgi?id=49902

Thanks for your work on apache!

Regards,

    --dkg

PS please keep me in the CC if there's more discussion; i've subscribed to http-dev to give this heads-up, but can't cope with yet another e-mail firehose for the long term. :/
