httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cove...@apache.org
Subject svn commit: r1636006 - /httpd/httpd/branches/2.4.x/CHANGES
Date Sat, 01 Nov 2014 18:01:31 GMT
Author: covener
Date: Sat Nov  1 18:01:31 2014
New Revision: 1636006

URL: http://svn.apache.org/r1636006
Log:

restore SECURITY to top

Modified:
    httpd/httpd/branches/2.4.x/CHANGES

Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1636006&r1=1636005&r2=1636006&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Sat Nov  1 18:01:31 2014
@@ -2,6 +2,17 @@
 
 Changes with Apache 2.4.11
 
+  *) SECURITY: CVE-2014-3581 (cve.mitre.org)
+     mod_cache: Avoid a crash when Content-Type has an empty value.
+     PR 56924.  [Mark Montague <mark catseye.org>, Jan Kaluza]
+
+  *) SECURITY: CVE-2013-5704 (cve.mitre.org)
+     core: HTTP trailers could be used to replace HTTP headers
+     late during request processing, potentially undoing or
+     otherwise confusing modules that examined or modified
+     request headers earlier.  Adds "MergeTrailers" directive to restore
+     legacy behavior.  [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener]
+
   *) mod_proxy_connect: Fix ProxyRemote to https:// backends on EBCDIC 
      systems. PR 57092 [Edward Lu <Chaosed0 gmail.com>]
 
@@ -35,17 +46,6 @@ Changes with Apache 2.4.11
 
   *) mod_dav: Set r->status_line in dav_error_response. PR 55426.
 
-  *) SECURITY: CVE-2014-3581 (cve.mitre.org)
-     mod_cache: Avoid a crash when Content-Type has an empty value.
-     PR 56924.  [Mark Montague <mark catseye.org>, Jan Kaluza]
-
-  *) SECURITY: CVE-2013-5704 (cve.mitre.org)
-     core: HTTP trailers could be used to replace HTTP headers
-     late during request processing, potentially undoing or
-     otherwise confusing modules that examined or modified
-     request headers earlier.  Adds "MergeTrailers" directive to restore
-     legacy behavior.  [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener]
-
   *) mod_proxy_http: Avoid (unlikely) access to freed memory. [Yann Ylavic]
 
   *) http_protocol: fix logic in ap_method_list_(add|remove) in order:



Mime
View raw message