apr-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jor...@apache.org
Subject svn commit: r785974 - /apr/apr-util/branches/1.3.x/CHANGES
Date Thu, 18 Jun 2009 09:14:32 GMT
Author: jorton
Date: Thu Jun 18 09:14:32 2009
New Revision: 785974

URL: http://svn.apache.org/viewvc?rev=785974&view=rev
Log:
Add CVE names.

Modified:
    apr/apr-util/branches/1.3.x/CHANGES

Modified: apr/apr-util/branches/1.3.x/CHANGES
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/CHANGES?rev=785974&r1=785973&r2=785974&view=diff
==============================================================================
--- apr/apr-util/branches/1.3.x/CHANGES [utf-8] (original)
+++ apr/apr-util/branches/1.3.x/CHANGES [utf-8] Thu Jun 18 09:14:32 2009
@@ -14,7 +14,7 @@
 
 Changes with APR-util 1.3.7
 
-  *) SECURITY:        
+  *) SECURITY: CVE-2009-1955 (cve.mitre.org)
      Fix a denial of service attack against the apr_xml_* interface
      using the "billion laughs" entity expansion technique.
      [Joe Orton]
@@ -29,7 +29,8 @@
      Fix underflow in apr_strmatch_precompile.
      [Matthew Palmer <mpalmer debian.org>]
 
-  *) Fix off by one overflow in apr_brigade_vprintf.
+  *) SECURITY: CVE-2009-1956 (cve.mitre.org)
+     Fix off by one overflow in apr_brigade_vprintf.
      [C. Michael Pilato <cmpilato collab.net>]
 
   *) APR_LDAP_SIZELIMIT should prefer LDAP_DEFAULT_LIMIT/-1 when the



Mime
View raw message