You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ji...@apache.org on 2016/12/06 17:36:26 UTC
svn commit: r1772924 - /httpd/httpd/branches/2.4.x/STATUS
Author: jim
Date: Tue Dec 6 17:36:26 2016
New Revision: 1772924
URL: http://svn.apache.org/viewvc?rev=1772924&view=rev
Log:
promote
Modified:
httpd/httpd/branches/2.4.x/STATUS
Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1772924&r1=1772923&r2=1772924&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Tue Dec 6 17:36:26 2016
@@ -117,6 +117,14 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
+ *) SECURITY: CVE-2016-0736 (cve.mitre.org)
+ mod_session_crypto: Authenticate the session data/cookie with a
+ MAC (SipHash) to prevent deciphering or tampering from a padding
+ oracle attack. [Yann Ylavic, Colm MacCarthaigh]
+ trunk patch: http://svn.apache.org/r1772812
+ http://svn.apache.org/r1772813
+ 2.4.x patch: trunk works (modulo CHANGES)
+ +1: ylavic, covener, jim
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
@@ -149,14 +157,6 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
jailletc36: compatibility note missing in the XML file
jim: Will address during commit
- *) SECURITY: CVE-2016-0736 (cve.mitre.org)
- mod_session_crypto: Authenticate the session data/cookie with a
- MAC (SipHash) to prevent deciphering or tampering from a padding
- oracle attack. [Yann Ylavic, Colm MacCarthaigh]
- trunk patch: http://svn.apache.org/r1772812
- http://svn.apache.org/r1772813
- 2.4.x patch: trunk works (modulo CHANGES)
- +1: ylavic, covener, jim
PATCHES/ISSUES THAT ARE BEING WORKED