Commit 222f1dfb authored by Jeff Trawick's avatar Jeff Trawick
Browse files

point to clean patch for CVE-2011-3368/CVE-2011-4317 

I'm fine with proceeding with this in order to have a consistent
solution for 2.0/2.2/2.4, but I should figure out the HTTP 0.9
failure with just the original 3368 patch since we're not supposed
to require the 4317 fix on 2.0.x.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1237406 13f79535-47bb-0310-9956-ffa450edef68
parent 388263d1

STATUS

+2 −4
Original line number Diff line number Diff line
@@ -154,10 +154,8 @@ RELEASE SHOWSTOPPERS: 
              both HTTP 1.0 and HTTP 0.9.



     From 2.2.x: http://svn.apache.org/viewvc?view=revision&revision=1235443

              (sorry, I fitted the minor changes manually into 2.0.64

              after first applying the original CVE-2011-3368 patch

              for an intermediate test step; I haven't properly tested

              patch-ability yet)

        Individual patches apply with offsets; here's a clean all-in-one:

        http://people.apache.org/~trawick/2.0-CVE-2011-4317-r1235443.patch

       +1: trawick



  *) SECURITY: CVE-2012-0031 (cve.mitre.org)