From c0a15db43557b4a51653c552e06f5e17f6d6fee1 Mon Sep 17 00:00:00 2001 From: Eric Covener Date: Mon, 2 Mar 2015 18:24:25 +0000 Subject: [PATCH] propose stack overflow in lua websockets git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1663389 13f79535-47bb-0310-9956-ffa450edef68 --- STATUS | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/STATUS b/STATUS index f0c4d836c5..d6334f5a87 100644 --- a/STATUS +++ b/STATUS @@ -257,6 +257,13 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: 2.4.x patch: trunk works (modulo CHANGES) ylavic: +1 + *) SECURITY: CVE-2015-0228 (cve.mitre.org) + mod_lua: A maliciously crafted websockets PING after a script + calls r:wsupgrade() can cause a child process crash. + trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1657261 + 2.4.x patch: trunk works + Note: Technically CTR but it's a CVE. + covener: +1 OTHER PROPOSALS -- 2.50.1
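Review bot: The added entry's description ("can cause a child process crash") does not match the commit subject, which calls this a stack overflow in lua websockets; the text under "mod_lua:" should name the bug class so voters know they are reviewing a memory-safety fix and not only a denial of service. The "2.4.x patch: trunk works" line also drops the "(modulo CHANGES)" qualifier that the entry directly above it carries, so state whether revision 1657261 merges cleanly including CHANGES or whether the CVE-2015-0228 CHANGES line has to be added by hand on the branch. The "Note: Technically CTR but it's a CVE." line would be clearer if it said what is being asked of reviewers, for example that votes are requested despite CTR because the change is a security fix.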