httpd-cvs mailing list archives

From s.@apache.org
Subject svn commit: r1235875 - /httpd/httpd/branches/2.2.x/CHANGES
Date Wed, 25 Jan 2012 18:56:45 GMT
Author: sf
Date: Wed Jan 25 18:56:45 2012
New Revision: 1235875

URL: http://svn.apache.org/viewvc?rev=1235875&view=rev
Log:
Add reference to CVE-2012-0021

Modified:
    httpd/httpd/branches/2.2.x/CHANGES

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=1235875&r1=1235874&r2=1235875&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Wed Jan 25 18:56:45 2012
@@ -27,8 +27,11 @@ Changes with Apache 2.2.22
      is enabled, could allow local users to gain privileges via a .htaccess
      file. [Stefan Fritsch, Greg Ames]
 
-  *) mod_log_config: Fix segfault when logging nameless, valueless cookie.
-     PR 52256. [Stefan Fritsch]
+  *) SECURITY: CVE-2012-0021 (cve.mitre.org)
+     mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format
+     string is in use and a client sends a nameless, valueless cookie, causing
+     a denial of service. The issue existed since version 2.2.17. PR 52256.
+     [Stefan Fritsch]
 
   *) mod_proxy_ajp: Try to prevent a single long request from marking a worker
      in error. [Jean-Frederic Clere]
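
Review bot: The new mod_log_config entry says "segfault (crash)" and "denial of service" but does not say what crashes, which an administrator needs in order to judge the impact; consider naming the affected unit in the sentence that mentions the nameless, valueless cookie. The trailing "causing a denial of service" also attaches grammatically to "Fix", so wording such as "which causes a denial of service" directly after the cookie clause would read more clearly. The trigger condition (the '%{cookiename}C' format string in use) and the "since version 2.2.17" range are worth keeping as written, since they let readers decide quickly whether a configuration is exposed.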


