httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r930434 - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_24.html
Date Tue, 25 Nov 2014 12:07:03 GMT
Author: buildbot
Date: Tue Nov 25 12:07:03 2014
New Revision: 930434

Log:
Staging update by buildbot for httpd

Modified:
    websites/staging/httpd/trunk/content/   (props changed)
    websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml
    websites/staging/httpd/trunk/content/security/vulnerabilities_24.html

Propchange: websites/staging/httpd/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Tue Nov 25 12:07:03 2014
@@ -1 +1 @@
-1640098
+1641600

Modified: websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml Tue Nov 25 12:07:03
2014
@@ -5,22 +5,15 @@
 <severity level="4">low</severity>
 <title>mod_proxy_fcgi out-of-bounds memory read</title>
 <description><p>
-An out-of-bounds memory read was found in mod_proxy_fcgi.  A malicious FastCGI
-server could send a carefully crafted response which could lead to a
-crash when reading past the end of a heap memory or stack buffer.
+An out-of-bounds memory read was found in mod_proxy_fcgi.  A malicious
+FastCGI server could send a carefully crafted response which could
+lead to a crash when reading past the end of a heap memory or stack
+buffer.  This issue affects version 2.4.10 only.
 </p></description>
 <acknowledgements>
 This issue was reported by Teguh P. Alko.
 </acknowledgements>
 <affects prod="httpd" version="2.4.10"/>
-<affects prod="httpd" version="2.4.9"/>
-<affects prod="httpd" version="2.4.8"/>
-<affects prod="httpd" version="2.4.7"/>
-<affects prod="httpd" version="2.4.6"/>
-<affects prod="httpd" version="2.4.4"/>
-<affects prod="httpd" version="2.4.3"/>
-<affects prod="httpd" version="2.4.2"/>
-<affects prod="httpd" version="2.4.1"/>
 </issue>
 
 <issue fixed="2.4.11-dev" reported="20140908" public="20140908">

Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_24.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_24.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_24.html Tue Nov 25 12:07:03
2014
@@ -92,9 +92,10 @@ Fixed in Apache httpd 2.4.11-dev</h1><dl
     </b>
     <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3583">CVE-2014-3583</a>
     <p>
-An out-of-bounds memory read was found in mod_proxy_fcgi.  A malicious FastCGI
-server could send a carefully crafted response which could lead to a
-crash when reading past the end of a heap memory or stack buffer.
+An out-of-bounds memory read was found in mod_proxy_fcgi.  A malicious
+FastCGI server could send a carefully crafted response which could
+lead to a crash when reading past the end of a heap memory or stack
+buffer.  This issue affects version 2.4.10 only.
 </p>
   </dd>
   <dd>
@@ -108,7 +109,7 @@ This issue was reported by Teguh P. Alko
   <dd/>
   <dd>
       Affects: 
-    2.4.10, 2.4.9, 2.4.8, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1<p/></dd>
+    2.4.10<p/></dd>
   <dd>
     <b>low: </b>
     <b>



Mime
View raw message