
Revision 1611426


Author: jim
Date: Thu Jul 17 18:20:46 2014 UTC (10 years, 2 months ago)
Changed paths: 5
Log Message:
Merge r1610501 from trunk:

  *) SECURITY: CVE-2014-0118 (cve.mitre.org)
     mod_deflate: The DEFLATE input filter (inflates request bodies) now
     limits the length and compression ratio of inflated request bodies to avoid
     denial of service via highly compressed bodies.  See directives
     DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,
     and DeflateInflateRatioBurst.

Thanks to Giancarlo Pellegrino and Davide Balzarotti for reporting the issue.

Submitted By: ylavic, covener
Reviewed By: jorton, covener, jim



Submitted by: covener
Reviewed/backported by: jim


Changed paths

Path                                                        Details
httpd/httpd/branches/2.2.x/                                 modified, props changed
httpd/httpd/branches/2.2.x/CHANGES                          modified, text changed
httpd/httpd/branches/2.2.x/STATUS                           modified, text changed
httpd/httpd/branches/2.2.x/docs/manual/mod/mod_deflate.xml  modified, text changed
httpd/httpd/branches/2.2.x/modules/filters/mod_deflate.c    modified, text changed
