Commit 39af7462 authored by Yann Ylavic's avatar Yann Ylavic
Browse files

Propose safety backport.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1678595 13f79535-47bb-0310-9956-ffa450edef68
parent 7be4bbf8
Loading
Loading
Loading
Loading
+10 −0
Original line number Diff line number Diff line
@@ -230,6 +230,16 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
     2.4.x patch: http://people.apache.org/~jailletc36/PR52831.patch
     +1: jailletc36, ylavic

   * core: Avoid potential use of uninitialized (NULL) request data in
     request line error path.
     trunk patch: http://svn.apache.org/r1664205
     2.2.x patch: http://people.apache.org/~ylavic/httpd-2.2.x-read_request_line.patch
     2.2.x patch: trunk works (module CHANGES)
     +1: ylavic
     ylavic: this is CVE-2015-0253 wrt 2.4.13, although 2.2.x is not
             vulnerable per se (no ErrorDocument handling from early
             request line parser), better be safe than sorry.

PATCHES/ISSUES THAT ARE STALLED

   * mod_proxy_balancer: Always initialize the shared parameters of a load