On 22.11.2011 16:27, Igor Galić wrote:
----- Original Message -----
On 22.11.2011 12:19, Aleksandar Lazic wrote:
> Dear List members,
>
> Setup:
>
> Apache 2.2.20

First off, 2.2.21 fixes CVE-2011-3192 - might want to check that.
Yep, we are on the way :-) to update
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ajp.c
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_http.c

I have not seen a similar line in the mod_proxy_ajp.c
Correct myself. Such a line is in
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/modules/proxy/ajp_header.c
###
...
static apr_status_t ajp_unmarshal_response(ajp_msg_t *msg,
                                           request_rec *r,
                                           proxy_dir_conf *dconf)
{
    ...
    r->status = status;
    ...
}
...
###
I'm not entirely sure, but I believe I have seen this fixed in 2.4/trunk.
Will a back port for 2.2.x be available?

Aleks