httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From yla...@apache.org
Subject svn commit: r1772813 - /httpd/httpd/trunk/CHANGES
Date Mon, 05 Dec 2016 23:46:40 GMT
Author: ylavic
Date: Mon Dec  5 23:46:40 2016
New Revision: 1772813

URL: http://svn.apache.org/viewvc?rev=1772813&view=rev
Log:
mod_session_crypto: follow up to r1772812: CHANGES entry.

Modified:
    httpd/httpd/trunk/CHANGES

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1772813&r1=1772812&r2=1772813&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Mon Dec  5 23:46:40 2016
@@ -1,6 +1,11 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) SECURITY: CVE-2016-0736 (cve.mitre.org)
+     mod_session_crypto: Authenticate the session data/cookie with a
+     MAC (SipHash) to prevent deciphering or tampering with a padding
+     oracle attack.  [Yann Ylavic, Colm MacCarthaigh]
+
   *) mod_lua: Fix default value of LuaInherit directive. It should be 
      'parent-first' instead of 'none', as per documentation.  PR 60419
      [Christophe Jaillet]



Mime
View raw message