httpd-cvs mailing list archives

From wr...@apache.org
Subject svn commit: r919690 - /httpd/httpd/trunk/CHANGES
Date Sat, 06 Mar 2010 01:59:50 GMT
Author: wrowe
Date: Sat Mar  6 01:59:50 2010
New Revision: 919690

URL: http://svn.apache.org/viewvc?rev=919690&view=rev
Log:
Sync Changelog

Modified:
    httpd/httpd/trunk/CHANGES

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=919690&r1=919689&r2=919690&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Sat Mar  6 01:59:50 2010
@@ -3,6 +3,14 @@
 Changes with Apache 2.3.7
 
   *) SECURITY: CVE-2009-3555 (cve.mitre.org)
+     mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection
+     attack when compiled against OpenSSL version 0.9.8m or later. Introduces
+     the 'SSLInsecureRenegotiation' directive to reopen this vulnerability
+     and offer unsafe legacy renegotiation with clients which do not yet
+     support the new secure renegotiation protocol, RFC 5746.
+     [Joe Orton, and with thanks to the OpenSSL Team]
+
+  *) SECURITY: CVE-2009-3555 (cve.mitre.org)
      mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
      by rejecting any client-initiated renegotiations. Forcibly disable
      keepalive for the connection if there is any buffered data readable. Any
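
Review bot: The added CVE-2009-3555 entry introduces 'SSLInsecureRenegotiation' as a directive "to reopen this vulnerability" but does not say what its default setting is, nor what behaviour applies when mod_ssl is compiled against an OpenSSL older than 0.9.8m. Please state the default explicitly in the entry, and add a clause tying it to the partial-fix entry that follows under the same CVE, so readers can tell whether rejecting client-initiated renegotiations remains the behaviour on older OpenSSL builds. With two entries under the identical "SECURITY: CVE-2009-3555" heading, that relationship is otherwise left for the reader to infer.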


