httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From yla...@apache.org
Subject svn commit: r1802128 - /httpd/httpd/branches/2.2.x/CHANGES
Date Mon, 17 Jul 2017 11:04:09 GMT
Author: ylavic
Date: Mon Jul 17 11:04:08 2017
New Revision: 1802128

URL: http://svn.apache.org/viewvc?rev=1802128&view=rev
Log:
Add the CHANGES' security entry for 2.2.34.

Modified:
    httpd/httpd/branches/2.2.x/CHANGES

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=1802128&r1=1802127&r2=1802128&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Mon Jul 17 11:04:08 2017
@@ -1,6 +1,12 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.2.34 (final)
 
+  *) SECURITY: CVE-2017-9788 (cve.mitre.org)
+     mod_auth_digest: Uninitialized memory reflection.  The value placeholder
+     in [Proxy-]Authorization headers type 'Digest' was not initialized or
+     reset before or between successive key=value assignments.
+     [William Rowe]
+
   *) Allow single-char field names inadvertantly disallowed in 2.2.32.
      PR 61220. [Yann Ylavic]
 



Mime
View raw message