----- Original Message ----- > On 22.11.2011 16:27, Igor Galić wrote: > > ----- Original Message ----- > >> On 22.11.2011 12:19, Aleksandar Lazic wrote: > >> > Dear List members, > >> > > >> > Setup: > >> > > >> > Apache 2.2.20 > > > > First off, 2.2.21 fixes CVE-2011-3192 - might want to check that. > > Yep, we are on the way :-) to update > > >> > >> http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ajp.c > >> > >> http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_http.c > >> > >> I have not seen a similar line in the mod_proxy_ajp.c > > Correct myself. > Such a line is in > http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/modules/proxy/ajp_header.c > > ### > ... > static apr_status_t ajp_unmarshal_response(ajp_msg_t *msg, > request_rec *r, > proxy_dir_conf *dconf) > {... > r->status = status; > ...} > ... > ### > > > I'm not entirely sure, but I believe to have seen this fixed > > in 2.4/trunk. > > Will a back port for 2.2.x be available?
Doesn't look like anybody has raised that particular issue yet: http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/STATUS I'll propose it for 2.2.x > Aleks i -- Igor Galić Tel: +43 (0) 664 886 22 883 Mail: i.ga...@brainsware.org URL: http://brainsware.org/ GPG: 6880 4155 74BD FD7C B515 2EA5 4B1D 9E08 A097 C9AE --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
