propose mild mod_lua CVE

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1642500 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/STATUS b/STATUS
index 5bf3b8bea68a15a89be77eba4902f9fcbde7f794..1a7fc5e58a4e285919b4851986e1b74f81771ff6 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -109,6 +109,14 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
 
+  *) SECURITY: CVE-2014-8109 (cve.mitre.org)
+     mod_lua: Fix handling of the Require line when a LuaAuthzProvider is
+              used in multiple Require directives with different arguments.
+              PR57204. 
+     trunk patch: http://svn.apache.org/r1642499
+     2.4.x patch: trunk works:
+     +1 covener
+       
    * mod_proxy: Preserve original request headers even if they differ
                 from the ones to be forwarded to the backend. PR 45387.
      trunk patch: http://svn.apache.org/r1588527