Posted to cvs@httpd.apache.org by dr...@apache.org on 2019/01/22 17:13:10 UTC
svn commit: r1851837 - in /httpd/httpd/branches/2.4.x: CHANGES STATUS
Author: druggeri
Date: Tue Jan 22 17:13:10 2019
New Revision: 1851837
URL: http://svn.apache.org/viewvc?rev=1851837&view=rev
Log:
Updates for announcement of 2.4.38
Modified:
httpd/httpd/branches/2.4.x/CHANGES
httpd/httpd/branches/2.4.x/STATUS
Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1851837&r1=1851836&r2=1851837&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Tue Jan 22 17:13:10 2019
@@ -3,6 +3,21 @@ Changes with Apache 2.4.39
Changes with Apache 2.4.38
+ *) SECURITY: CVE-2018-17199 (cve.mitre.org)
+ mod_session: mod_session_cookie does not respect expiry time allowing
+ sessions to be reused. [Hank Ibell]
+
+ *) SECURITY: CVE-2018-17189 (cve.mitre.org)
+ mod_http2: fixes a DoS attack vector. By sending slow request bodies
+ to resources not consuming them, httpd cleanup code occupies a server
+ thread unnecessarily. This was changed to an immediate stream reset
+ which discards all stream state and incoming data. [Stefan Eissing]
+
+ *) SECURITY: CVE-2019-0190 (cve.mitre.org)
+ mod_ssl: Fix infinite loop triggered by a client-initiated
+ renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and
+ later. PR 63052. [Joe Orton]
+
*) mod_ssl: Clear retry flag before aborting client-initiated renegotiation.
PR 63052 [Joe Orton]
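Review bot: The new CVE-2019-0190 entry and the unchanged mod_ssl entry directly below it ("Clear retry flag before aborting client-initiated renegotiation") both cite PR 63052 and [Joe Orton], so the 2.4.38 section now appears to list one fix twice without linking the two. Consider folding the older line into the SECURITY entry or cross-referencing it, so that someone triaging the release can tell whether the retry-flag change is the CVE fix. Separately, the CVE-2018-17199 entry states the flaw (expiry time not respected, sessions reusable) but not the behaviour after the fix, unlike the CVE-2018-17189 entry, which says what was changed; one clause on the new behaviour would help operators decide what to verify after upgrading.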
Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1851837&r1=1851836&r2=1851837&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Tue Jan 22 17:13:10 2019
@@ -30,7 +30,7 @@ Release history:
while x.{even}.z versions are Stable/GA releases.]
2.4.39 : In development
- 2.4.38 : Tagged on January 17, 2019
+ 2.4.38 : Tagged on January 17, 2019. Released on January 22, 2019.
2.4.37 : Tagged on October 18, 2018. Released on October 23, 2018.
2.4.36 : Tagged on October 10, 2018. Not released.
2.4.35 : Tagged on September 17, 2018. Released on September 22, 2018.