httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jchamp...@apache.org
Subject svn commit: r17505 - in /dev/httpd: Announcement2.4.html Announcement2.4.txt
Date Tue, 20 Dec 2016 18:48:53 GMT
Author: jchampion
Date: Tue Dec 20 18:48:53 2016
New Revision: 17505

Log:
2.4.25: fix up colon, add HTML description for CVE-2016-5387 to match

Modified:
    dev/httpd/Announcement2.4.html
    dev/httpd/Announcement2.4.txt

Modified: dev/httpd/Announcement2.4.html
==============================================================================
--- dev/httpd/Announcement2.4.html (original)
+++ dev/httpd/Announcement2.4.html Tue Dec 20 18:48:53 2016
@@ -26,7 +26,7 @@
    represents fifteen years of innovation by the project, and is
    recommended over all previous releases. This release of Apache is
    a security, feature, and bug fix release, and addresses these 
-   specific security defects as well as other fixes;
+   specific security defects as well as other fixes:
 </p>
 <ul>
 <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736">CVE-2016-0736</a>
@@ -39,6 +39,7 @@
      when the shared memory space is exhausted.
 </li>
 <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387">CVE-2016-5387</a>
+     core: Mitigate [f]cgi "httpoxy" issues.
 </li>
 <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8740">CVE-2016-8740</a>
      mod_http2: Mitigate DoS memory exhaustion via endless

Modified: dev/httpd/Announcement2.4.txt
==============================================================================
--- dev/httpd/Announcement2.4.txt (original)
+++ dev/httpd/Announcement2.4.txt Tue Dec 20 18:48:53 2016
@@ -7,7 +7,7 @@
    represents fifteen years of innovation by the project, and is
    recommended over all previous releases. This release of Apache is
    a security, feature, and bug fix release, and addresses these 
-   specific security defects as well as other fixes;
+   specific security defects as well as other fixes:
 
      CVE-2016-0736 (cve.mitre.org)
      mod_session_crypto: Authenticate the session data/cookie with a



Mime
View raw message