svn commit: r1799225 - /httpd/httpd/branches/2.4.x/CHANGES

[ji...@apache.org]

Author: jim
Date: Mon Jun 19 16:36:07 2017
New Revision: 1799225

URL: http://svn.apache.org/viewvc?rev=1799225&view=rev
Log:
NOTE CVEs

Modified:
    httpd/httpd/branches/2.4.x/CHANGES

Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1799225&r1=1799224&r2=1799225&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Mon Jun 19 16:36:07 2017
@@ -5,6 +5,30 @@ Changes with Apache 2.4.27
 
 Changes with Apache 2.4.26
 
+  *) SECURITY: CVE-2017-7679 (cve.mitre.org)
+     mod_mime can read one byte past the end of a buffer when sending a
+     malicious Content-Type response header.
+
+  *) SECURITY: CVE-2017-7668 (cve.mitre.org)
+     The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a
+     bug in token list parsing, which allows ap_find_token() to search past
+     the end of its input string. By maliciously crafting a sequence of
+     request headers, an attacker may be able to cause a segmentation fault,
+     or to force ap_find_token() to return an incorrect value.
+
+  *) SECURITY: CVE-2017-7659 (cve.mitre.org)
+     A maliciously constructed HTTP/2 request could cause mod_http2 to
+     dereference a NULL pointer and crash the server process.
+
+  *) SECURITY: CVE-2017-3169 (cve.mitre.org)
+     mod_ssl may dereference a NULL pointer when third-party modules call
+     ap_hook_process_connection() during an HTTP request to an HTTPS port.
+
+  *) SECURITY: CVE-2017-3167 (cve.mitre.org)
+     Use of the ap_get_basic_auth_pw() by third-party modules outside of the
+     authentication phase may lead to authentication requirements being
+     bypassed.
+
   *) HTTP/2 support no longer tagged as "experimental" but is instead considered
      fully production ready.