You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by tr...@apache.org on 2010/03/09 18:29:23 UTC

svn commit: r920995 - /httpd/httpd/branches/2.0.x/CHANGES

Author: trawick
Date: Tue Mar  9 17:29:22 2010
New Revision: 920995

URL: http://svn.apache.org/viewvc?rev=920995&view=rev
Log:
follow up r920961 with the related CHANGES entry

Modified:
    httpd/httpd/branches/2.0.x/CHANGES

Modified: httpd/httpd/branches/2.0.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?rev=920995&r1=920994&r2=920995&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.0.x/CHANGES [utf-8] Tue Mar  9 17:29:22 2010
@@ -1,6 +1,11 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.0.64
 
+  *) SECURITY: CVE-2010-0425 (cve.mitre.org)
+     mod_isapi: Do not unload an isapi .dll module until the request
+     processing is completed, avoiding orphaned callback pointers.
+     [Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]
+
   *) SECURITY: CVE-2008-2939 (cve.mitre.org)
      mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
      the FTP URL. Discovered by Marc Bevand of Rapid7. [Ruediger Pluem]