httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From s.@apache.org
Subject svn commit: r1005957 - /httpd/httpd/branches/2.2.x/CHANGES
Date Fri, 08 Oct 2010 18:57:00 GMT
Author: sf
Date: Fri Oct  8 18:56:59 2010
New Revision: 1005957

URL: http://svn.apache.org/viewvc?rev=1005957&view=rev
Log:
The vulnerable code was not in 2.2.16's mod_reqtimeout, therefore we
don't need to mention CVE-2010-1623 in the changelog.

Modified:
    httpd/httpd/branches/2.2.x/CHANGES

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=1005957&r1=1005956&r2=1005957&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Fri Oct  8 18:56:59 2010
@@ -1,10 +1,6 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.2.17
 
-  *) SECURITY: CVE-2010-1623 (cve.mitre.org)
-     Fix a denial of service attack against mod_reqtimeout.
-     [Stefan Fritsch]
-
   *) mod_reqtimeout: Do not wrongly enforce timeouts for mod_proxy's backend
      connections and other protocol handlers (like mod_ftp). Enforce the
      timeout for AP_MODE_GETLINE. If there is a timeout, shorten the lingering



Mime
View raw message