From d84bf8bb88a38533625be7738150155dfc630686 Mon Sep 17 00:00:00 2001 From: Yann Ylavic Date: Mon, 2 Mar 2015 20:41:07 +0000 Subject: [PATCH] Vote. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1663425 13f79535-47bb-0310-9956-ffa450edef68 --- STATUS | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/STATUS b/STATUS index 65b4a12731..0a37515401 100644 --- a/STATUS +++ b/STATUS @@ -106,6 +106,14 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] + *) SECURITY: CVE-2015-0228 (cve.mitre.org) + mod_lua: A maliciously crafted websockets PING after a script + calls r:wsupgrade() can cause a child process crash. + trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1657261 + 2.4.x patch: trunk works + Note: Technically CTR but it's a CVE. + +1: covener, minfrin, ylavic + PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] @@ -257,14 +265,6 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: 2.4.x patch: http://people.apache.org/~minfrin/httpd-core-errordocument24-3.patch minfrin: +1 - *) SECURITY: CVE-2015-0228 (cve.mitre.org) - mod_lua: A maliciously crafted websockets PING after a script - calls r:wsupgrade() can cause a child process crash. - trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1657261 - 2.4.x patch: trunk works - Note: Technically CTR but it's a CVE. - +1: covener, minfrin - OTHER PROPOSALS -- 2.40.0