httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From wr...@apache.org
Subject svn commit: r1501413 - /httpd/httpd/branches/2.4.x/CHANGES
Date Tue, 09 Jul 2013 18:07:58 GMT
Author: wrowe
Date: Tue Jul  9 18:07:58 2013
New Revision: 1501413

URL: http://svn.apache.org/r1501413
Log:
Note security implication

Modified:
    httpd/httpd/branches/2.4.x/CHANGES

Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1501413&r1=1501412&r2=1501413&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Tue Jul  9 18:07:58 2013
@@ -2,6 +2,13 @@
 
 Changes with Apache 2.4.5
 
+  *) SECURITY: CVE-2013-1896 (cve.mitre.org)
+     mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
+     the source href (sent as part of the request body as XML) pointing to a
+     URI that is not configured for DAV will trigger a segfault. [Ben Reser
+     <ben reser.org>]
+
+
   *) mod_proxy: Fix seg-faults when using the global pool on threaded
      MPMs [Thomas Eckert <thomas.r.w.eckert gmail.com>, Graham Leggett,
      Jim Jagielski]
@@ -104,11 +111,6 @@ Changes with Apache 2.4.5
   *) mod_dav: Improve error handling in dav_method_put(), add new
      dav_join_error() function.  PR 54145.  [Ben Reser <ben reser.org>]
 
-  *) mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
-     the source href (sent as part of the request body as XML) pointing to a
-     URI that is not configured for DAV will trigger a segfault. [Ben Reser
-     <ben reser.org>]
-
   *) mod_dav: Do not fail PROPPATCH when prop namespace is not known.
      PR 52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>]
 



Mime
View raw message