httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From traw...@apache.org
Subject svn commit: r1233611 - /httpd/httpd/branches/2.4.x/CHANGES
Date Thu, 19 Jan 2012 22:32:10 GMT
Author: trawick
Date: Thu Jan 19 22:32:09 2012
New Revision: 1233611

URL: http://svn.apache.org/viewvc?rev=1233611&view=rev
Log:
add entry for r1179239 (CVE-2011-3368)

Modified:
    httpd/httpd/branches/2.4.x/CHANGES

Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1233611&r1=1233610&r2=1233611&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Thu Jan 19 22:32:09 2012
@@ -153,6 +153,11 @@ Changes with Apache 2.3.15
      core: Fix integer overflow in ap_pregsub. This can be triggered e.g.
      with mod_setenvif via a malicious .htaccess. [Stefan Fritsch]
 
+  *) SECURITY: CVE-2011-3368 (cve.mitre.org)
+     Reject requests where the request-URI does not match the HTTP
+     specification, preventing unexpected expansion of target URLs in
+     some reverse proxy configurations.  [Joe Orton]
+
   *) configure: Load all modules in the generated default configuration
      when using --enable-load-all-modules. [Rainer Jung]
 



Mime
View raw message