httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cove...@apache.org
Subject svn commit: r1165779 - /httpd/httpd/trunk/CHANGES
Date Tue, 06 Sep 2011 18:45:33 GMT
Author: covener
Date: Tue Sep  6 18:45:33 2011
New Revision: 1165779

URL: http://svn.apache.org/viewvc?rev=1165779&view=rev
Log:
bump SECURITY issue to top of in-development 2.3.15 section.


Modified:
    httpd/httpd/trunk/CHANGES

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1165779&r1=1165778&r2=1165779&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Tue Sep  6 18:45:33 2011
@@ -1,6 +1,12 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.3.15
 
+  *) SECURITY: CVE-2011-3192 (cve.mitre.org)
+     core: Fix handling of byte-range requests to use less memory, to avoid
+     denial of service. If the sum of all ranges in a request is larger than
+     the original file, ignore the ranges and send the complete file.
+     PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener]
+
   *) mod_ssl: revamp CRL-based revocation checking when validating
      certificates of clients or proxied servers. Completely delegate
      CRL processing to OpenSSL, and add a new [Proxy]CARevocationCheck
@@ -9,12 +15,6 @@ Changes with Apache 2.3.15
   *) Fix a regression in the CVE-2011-3192 byterange fix.
      PR 51748. [low_priority <lowprio20 gmail.com>]
 
-  *) SECURITY: CVE-2011-3192 (cve.mitre.org)
-     core: Fix handling of byte-range requests to use less memory, to avoid
-     denial of service. If the sum of all ranges in a request is larger than
-     the original file, ignore the ranges and send the complete file.
-     PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener]
-
   *) core: Add MaxRanges directive to control the number of ranges permitted
      before returning the entire resource, with a default limit of 200. 
      [Eric Covener]



Mime
View raw message