httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From yla...@apache.org
Subject svn commit: r1802129 - /httpd/httpd/branches/2.4.x/CHANGES
Date Mon, 17 Jul 2017 11:06:52 GMT
Author: ylavic
Date: Mon Jul 17 11:06:52 2017
New Revision: 1802129

URL: http://svn.apache.org/viewvc?rev=1802129&view=rev
Log:
Credits.

Modified:
    httpd/httpd/branches/2.4.x/CHANGES

Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1802129&r1=1802128&r2=1802129&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Mon Jul 17 11:06:52 2017
@@ -8,12 +8,14 @@ Changes with Apache 2.4.27
   *) SECURITY: CVE-2017-9789 (cve.mitre.org)
      mod_http2: Read after free. When under stress, closing many connections,
      the HTTP/2 handling code would sometimes access memory after it has been
-     freed, resulting in potentially erratic behaviour. 
+     freed, resulting in potentially erratic behaviour.
+     [Stefan Eissing]
 
   *) SECURITY: CVE-2017-9788 (cve.mitre.org)
      mod_auth_digest: Uninitialized memory reflection.  The value placeholder
      in [Proxy-]Authorization headers type 'Digest' was not initialized or
      reset before or between successive key=value assignments.
+     [William Rowe]
 
   *) COMPATIBILITY: mod_lua: Remove the undocumented exported 'apr_table'
      global variable when using Lua 5.2 or later. This was exported as a



Mime
View raw message