You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by jo...@apache.org on 2009/06/18 11:23:00 UTC

svn commit: r785982 - /httpd/httpd/branches/2.2.x/CHANGES

Author: jorton
Date: Thu Jun 18 09:22:59 2009
New Revision: 785982

URL: http://svn.apache.org/viewvc?rev=785982&view=rev
Log:
Add note about the APR-util security fixes.

Modified:
    httpd/httpd/branches/2.2.x/CHANGES

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=785982&r1=785981&r2=785982&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Thu Jun 18 09:22:59 2009
@@ -11,6 +11,11 @@
      mod_proxy_ajp: Avoid delivering content from a previous request which
      failed to send a request body. PR 46949 [Ruediger Pluem]
 
+  *) SECURITY: CVE-2009-0023, CVE-2009-1955, CVE-2009-1956 (cve.mitre.org)
+     The bundled copy of the APR-util library has been updated, fixing three
+     different security issues which may affect particular configurations
+     and third-party modules.
+
   *) mod_proxy: Complete ProxyPassReverse to handle balancer URL's.  Given;
        BalancerMember balancer://alias http://example.com/foo
        ProxyPassReverse /bash balancer://alias/bar