From 15cd182d988b2de6b21f1ed59884bb3871cc38f4 Mon Sep 17 00:00:00 2001 From: Eric Covener Date: Tue, 15 Jul 2014 19:15:14 +0000 Subject: [PATCH] propose trailers fix, didn't make the cut for 2.4.10 because I had backport troubles. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610816 13f79535-47bb-0310-9956-ffa450edef68 --- STATUS | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/STATUS b/STATUS index 7707ba6b07..050468bb44 100644 --- a/STATUS +++ b/STATUS @@ -105,6 +105,17 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK: PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] + *) SECURITY: CVE-2013-5704 (cve.mitre.org) + core: HTTP trailers could be used to replace HTTP headers + late during request processing, potentially undoing or + otherwise confusing modules that examined or modified + request headers earlier. Adds "MergeTrailers" directive to restore + legacy behavior. [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener] + + trunk patch: http://svn.apache.org/r1610814 + 2.4.x patch: http://people.apache.org/~covener/patches/httpd-2.4.x-trailers.diff + +1: covener + * mod_proxy_http: Avoid (unlikely) access to freed memory. trunk patch: http://svn.apache.org/r1599486 2.4.x patch: trunk works -- 2.40.0
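
Review bot: The new CVE-2013-5704 entry in STATUS is inserted directly under the "[ New proposals should be added at the end of the list ]" line, ahead of the existing mod_proxy_http proposal, and it uses a "*)" bullet where the neighbouring entry uses "*"; either move it to the end and match the bullet style, or say in the entry that it is placed first deliberately as a security fix. The description says MergeTrailers "restore[s] legacy behavior" but never states what the new default is, so one more line spelling out the default handling of request trailers after the patch would let voters judge the compatibility impact without opening the diff. Since the commit message mentions backport trouble and the 2.4.x patch is a separate diff rather than "trunk works", the entry should also note how the 2.4.x diff differs from r1610814.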