httpd-cvs mailing list archives

From j..@apache.org
Subject svn commit: r1447449 - /httpd/httpd/branches/2.4.x/CHANGES
Date Mon, 18 Feb 2013 19:37:44 GMT
Author: jim
Date: Mon Feb 18 19:37:43 2013
New Revision: 1447449

URL: http://svn.apache.org/r1447449
Log:
Note that these are/were CVEs

Modified:
    httpd/httpd/branches/2.4.x/CHANGES

Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1447449&r1=1447448&r2=1447449&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Mon Feb 18 19:37:43 2013
@@ -2,6 +2,15 @@
 
 Changes with Apache 2.4.4
 
+  *) SECURITY: CVE-2012-3499 (cve.mitre.org)
+     Various XSS flaws due to unescaped hostnames and URIs HTML output in
+     mod_info, mod_status, mod_impagemap, mod_proxy_balancer, and mod_proxy_ftp.
+     [Jim Jagielski, Stefan Fritsch, Niels Heinen <heinenn google com>]
+
+  *) SECURITY: CVE-2012-4558 (cve.mitre.org)
+     XSS in mod_proxy_balancer manager interface. [Jim Jagielski,
+     Niels Heinen <heinenn google com>]
+
   *) mod_dir: Add support for the value 'disabled' in FallbackResource.
      [Vincent Deffontaines]
      
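Review bot: The module list in the added CVE-2012-3499 entry misspells the module as mod_impagemap; it should read mod_imagemap, the spelling used in the entry this commit removes further down the file. An administrator searching CHANGES for the module name to see whether the CVE touches a loaded module will miss this line. The phrase "unescaped hostnames and URIs HTML output" would also read more clearly as "unescaped hostnames and URIs in HTML output".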
@@ -116,10 +125,6 @@ Changes with Apache 2.4.4
      unless new option 'RewriteOptions MergeBase' is configured.
      PR 53963. [Eric Covener]
 
-  *) mod_status, mod_info, mod_proxy_ftp, mod_proxy_balancer, mod_imagemap,
-     mod_ldap: Improve escaping of hostname and URIs HTML output.
-     [Jim Jagielski, Stefan Fritsch]
-
   *) mod_header: Allow for exposure of loadavg and server load using new 
      format specifiers %l, %i, %b [Jim Jagielski]
   
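Review bot: The removed entry names mod_ldap, but the CVE-2012-3499 entry that replaces it lists only mod_info, mod_status, mod_imagemap (spelled mod_impagemap there), mod_proxy_balancer and mod_proxy_ftp, so the mod_ldap escaping change is no longer recorded in the visible CHANGES text. If mod_ldap is not covered by the CVE, keep a separate non-security line for it, such as "*) mod_ldap: Improve escaping of hostname and URIs HTML output."; if it is covered, add it to the SECURITY entry's module list.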


