- httpd-2.2.x-CVE-2011-3368-server_protocl_c.diff fixes mod_proxy

reverse exposure via RewriteRule or ProxyPassMatch directives. This is CVE-2011-3368. OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=344
2011-10-07 15:12:49 +00:00 · 2011-10-07 15:12:49 +00:00 · 2c5775e2e0
commit 2c5775e2e0
parent 1796587345
3 changed files with 1873 additions and 0 deletions
--- a/apache2.changes
+++ b/apache2.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Oct  7 17:11:56 CEST 2011 - draht@suse.de
+
+- httpd-2.2.x-CVE-2011-3368-server_protocl_c.diff fixes mod_proxy
+  reverse exposure via RewriteRule or ProxyPassMatch directives.
+  This is CVE-2011-3368.
+
 -------------------------------------------------------------------
 Fri Oct  7 14:36:31 UTC 2011 - fcrozat@suse.com

--- a/apache2.spec
+++ b/apache2.spec
@ -136,6 +136,7 @@ Patch101:       httpd-2.2.19-linux3.patch
 Patch102:       httpd-keepalivetimeout-millisecs.patch
 Patch104:       httpd-mod_deflate_head.patch
 Patch105:       ssl-mode-release-buffers.patch
+Patch106:       httpd-2.2.x-CVE-2011-3368-server_protocl_c.diff
 Url:            http://httpd.apache.org/
 Icon:           Apache.xpm
 Summary:        The Apache Web Server Version 2.0
@ -358,6 +359,7 @@ to administrators of web servers in general.
 %patch102
 %patch104
 %patch105
+%patch106
 #
 cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE
 #
--- a/httpd-2.2.x-CVE-2011-3368-server_protocl_c.diff
+++ b/httpd-2.2.x-CVE-2011-3368-server_protocl_c.diff