httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From yla...@apache.org
Subject svn propchange: r1796855 - svn:log
Date Mon, 17 Jul 2017 10:55:33 GMT
Author: ylavic
Revision: 1796855
Modified property: svn:log

Modified: svn:log at Mon Jul 17 10:55:33 2017
------------------------------------------------------------------------------
--- svn:log (original)
+++ svn:log Mon Jul 17 10:55:33 2017
@@ -1,13 +1,11 @@
-Merge r1796348 from trunk:
-
-core: deprecate and replace ap_get_basic_auth_pw
-
-  *) core: Deprecate ap_get_basic_auth_pw() and add 
-    ap_get_basic_auth_components(). 
-
-Submitted By: Emmanuel Dreyfus <manu netbsd.org>, Jacob Champion, Eric Covener
+SECURITY: CVE-2017-3167 (cve.mitre.org)
+Use of the ap_get_basic_auth_pw() by third-party modules outside of the
+authentication phase may lead to authentication requirements being
+bypassed.
 
+Merge r1796348 from trunk:
 
+core: Deprecate ap_get_basic_auth_pw() and add ap_get_basic_auth_components(). 
 
-Submitted by: covener
+Submitted By: Emmanuel Dreyfus <manu netbsd.org>, jchampion, coverner
 Reviewed by: covener, ylavic, jim


Mime
View raw message