httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From traw...@apache.org
Subject svn commit: r1233609 - /httpd/httpd/branches/2.4.x/CHANGES
Date Thu, 19 Jan 2012 22:29:21 GMT
Author: trawick
Date: Thu Jan 19 22:29:21 2012
New Revision: 1233609

URL: http://svn.apache.org/viewvc?rev=1233609&view=rev
Log:
add entry for r1209436 (CVE-2011-4317)

Modified:
    httpd/httpd/branches/2.4.x/CHANGES

Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1233609&r1=1233608&r2=1233609&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Thu Jan 19 22:29:21 2012
@@ -36,6 +36,12 @@ Changes with Apache 2.4.0
 
 Changes with Apache 2.3.16
 
+  *) SECURITY: CVE-2011-4317 (cve.mitre.org)
+     Resolve additional cases of URL rewriting with ProxyPassMatch or
+     RewriteRule, where particular request-URIs could result in undesired
+     backend network exposure in some configurations.
+     [Joe Orton]
+
   *) core: Limit line length in .htaccess to 8K like in 2.2.x, to avoid
      additional DoS potential. [Stefan Fritsch]
 



Mime
View raw message