Commit 4a1cf187 authored by Rainer Jung

CVE-2011-3348: nothing to fix, original problem

only applied to mod_proxy_ajp which does not
exist in 2.0.x.

CVE-2010-2068: added comment. I think nothing
to fix either, but more eyes welcome.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1237644 13f79535-47bb-0310-9956-ffa450edef68
parent 222f1dfb
+5 −6
@@ -122,16 +122,15 @@ RELEASE SHOWSTOPPERS:
    2.0.x patch: http://people.apache.org/~jim/patches/2.0-byterange0-.txt
    +1: jim, rjung, wrowe

  * Backport jorton's work on backstopping unrooted URI's (regex protection)
  *) Backport jorton's work on backstopping unrooted URI's (regex protection)
     and any mod_rewrite example corrections.

  *) SECURITY: CVE-2010-2068 (cve.mitre.org)
     mod_proxy_ajp, mod_proxy_http, mod_reqtimeout: Fix timeout detection
     for platforms Windows, Netware and OS2.  PR: 49417. [Rainer Jung]

  *) SECURITY: CVE-2011-3348 (cve.mitre.org)
     mod_proxy_ajp: Respond with HTTP_NOT_IMPLEMENTED when the method is not
     recognized.  [Jean-Frederic Clere]
     rjung: mod_proxy_ajp and mod_reqtimeout don't apply for 2.0.x
            I checked proxy_http and could not find a code path to fix.
            More eyes welcome.

  *) SECURITY: CVE-2011-3607 (cve.mitre.org)
     Fix integer overflow in ap_pregsub() which, when the mod_setenvif module
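
Review bot: The rjung note in this hunk ("I checked proxy_http and could not find a code path to fix. More eyes welcome.") does not say what was compared, so other reviewers have no starting point; it would help to cite the revision of the original timeout-detection fix for PR 49417 and name the proxy_http code that was inspected. The +/- markers are missing in this rendering, so the note reads as if it belonged to the CVE-2011-3348 entry, while the commit message says the comment is for CVE-2010-2068; it should sit directly under that entry. The reason CVE-2011-3348 needs no change (mod_proxy_ajp does not exist in 2.0.x) is stated only in the commit message; a one-line remark in STATUS would keep that rationale with the file.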