On Tue, Jul 15, 2014 at 11:59 AM, Joe Orton <jor...@redhat.com> wrote:
> On Tue, Jul 15, 2014 at 02:41:44PM +0100, Joe Orton wrote: > > I've stuck it in STATUS. Any other opinions? > > Come on... one more for this, either way? > > * mod_proxy Connection handling crasher, CVE-2014-0117 > trunk patch: http://svn.apache.org/r1610674 > ALTERNATIVE #1 > 2.4.x patch: > http://people.apache.org/~jorton/CVE-2014-0117-simple.patch > +1: jorton, jim > dirty deed done > > ALTERNATIVE #2 > 2.4.x patch: > http://people.apache.org/~jorton/2.4.x-CVE-2014-0117_v2.patch (ylavic) > +1: jorton, ylavic > -0.99: jim (not enough time for a serious review for inclusion in > 2.4.10) > ylavic: works here, and checking RFC compliance if the Connection header > looks quite important to me. > > -- Born in Roswell... married an alien... http://emptyhammock.com/ http://edjective.org/