httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j..@apache.org
Subject svn commit: r1577139 - /httpd/httpd/branches/2.4.x/CHANGES
Date Thu, 13 Mar 2014 12:43:43 GMT
Author: jim
Date: Thu Mar 13 12:43:43 2014
New Revision: 1577139

URL: http://svn.apache.org/r1577139
Log:
Note changes

Modified:
    httpd/httpd/branches/2.4.x/CHANGES

Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1577139&r1=1577138&r2=1577139&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Thu Mar 13 12:43:43 2014
@@ -2,6 +2,9 @@
 
 Changes with Apache 2.4.9
 
+  *) mod_ssl: Work around a bug in some older versions of OpenSSL that
+     would cause a crash in SSL_get_certificate for servers where the
+     certificate hadn't been sent. [Stephen Henson]
 
 Changes with Apache 2.4.8
 
@@ -11,6 +14,12 @@ Changes with Apache 2.4.8
      logging truncated cookies.
      [William Rowe, Ruediger Pluem, Jim Jagielski]
 
+ *) SECURITY: CVE-2013-6438 (cve.mitre.org)
+    mod_dav: Keep track of length of cdata properly when removing
+    leading spaces. Eliminates a potential denial of service from
+    specifically crafted DAV WRITE requests
+    [Amin Tora <Amin.Tora neustar.biz>]
+
   *) core: draft-ietf-httpbis-p1-messaging-23 corrections regarding
      TE/CL conflicts. [Yann Ylavic <ylavic.dev gmail com>, Jim Jagielski]
 



Mime
View raw message