You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by wr...@apache.org on 2011/09/09 15:29:18 UTC
svn commit: r1167156 - /httpd/httpd/trunk/CHANGES
Author: wrowe
Date: Fri Sep 9 13:29:18 2011
New Revision: 1167156
URL: http://svn.apache.org/viewvc?rev=1167156&view=rev
Log:
Reflect user-visible behavior change
Modified:
httpd/httpd/trunk/CHANGES
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1167156&r1=1167155&r2=1167156&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Fri Sep 9 13:29:18 2011
@@ -1,6 +1,10 @@
- -*- coding: utf-8 -*-
+ -*- coding: utf-8 -*-
Changes with Apache 2.3.15
+ *) SECURITY: CVE-2011-3348 (cve.mitre.org)
+ mod_proxy_ajp: Respond with HTTP_NOT_IMPLEMENTED when the method is not
+ recognized. [Jean-Frederic Clere]
+
*) SECURITY: CVE-2011-3192 (cve.mitre.org)
core: Fix handling of byte-range requests to use less memory, to avoid
denial of service. If the sum of all ranges in a request is larger than