granicus.if.org Git - apache/commitdiff
propose stack overflow in lua websockets
author Eric Covener <covener@apache.org>
Mon, 2 Mar 2015 18:24:25 +0000 (18:24 +0000)
committer Eric Covener <covener@apache.org>
Mon, 2 Mar 2015 18:24:25 +0000 (18:24 +0000)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1663389 13f79535-47bb-0310-9956-ffa450edef68

STATUS

diff --git a/STATUS b/STATUS
index f0c4d836c5d53db6868cb86d18a2d95a5e1f8984..d6334f5a87b50e126d16d5a9680070d2a8d8897c 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -257,6 +257,13 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
      2.4.x patch: trunk works (modulo CHANGES)
      ylavic: +1
 
+  *) SECURITY: CVE-2015-0228 (cve.mitre.org)
+     mod_lua: A maliciously crafted websockets PING after a script
+     calls r:wsupgrade() can cause a child process crash.
+     trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1657261
+     2.4.x patch: trunk works
+     Note: Technically CTR but it's a CVE.
+     covener: +1
 
 OTHER PROPOSALS
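Review bot: The "2.4.x patch: trunk works" line of the new CVE-2015-0228 entry does not say whether CHANGES applies cleanly, whereas the entry directly above it records "trunk works (modulo CHANGES)". Please state which it is, so voters know whether the branch merge carries the SECURITY line for this CVE or needs it added by hand. The description also says only "can cause a child process crash" while the commit subject calls the bug a stack overflow; naming the failure class in the entry would help reviewers weigh the backport. Spelling out "CTR" in the Note line would make the entry readable without knowing the project's voting shorthand.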