You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jo...@apache.org on 2014/07/14 21:36:38 UTC
svn commit: r1610495 - /httpd/httpd/branches/2.4.x/CHANGES
Author: jorton
Date: Mon Jul 14 19:36:38 2014
New Revision: 1610495
URL: http://svn.apache.org/r1610495
Log:
Note CVE name for mod_cache crasher fixed in 2.4.7.
This issue affected httpd versions 2.4.5 and 2.4.6 only.
Modified:
httpd/httpd/branches/2.4.x/CHANGES
Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1610495&r1=1610494&r2=1610495&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Mon Jul 14 19:36:38 2014
@@ -347,6 +347,11 @@ Changes with Apache 2.4.8
Changes with Apache 2.4.7
+ *) SECURITY: CVE-2013-4352 (cve.mitre.org)
+ mod_cache: Fix a NULL pointer deference which allowed untrusted
+ origin servers to crash mod_cache in a forward proxy
+ configuration. [Graham Leggett]
+
*) APR 1.5.0 or later is now required for the event MPM.
*) slotmem_shm: Error detection. [Jim Jagielski]
@@ -458,9 +463,6 @@ Changes with Apache 2.4.7
will or will not be persisted and whether settings are inherited.
[Daniel Ruggeri, Jim Jagielski]
- *) mod_cache: Avoid a crash with strcmp() when the hostname is not provided.
- [Graham Leggett]
-
*) core: Add util_fcgi.h and associated definitions and support
routines for FastCGI, based largely on mod_proxy_fcgi.
[Jeff Trawick]