You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ic...@apache.org on 2021/09/07 11:45:28 UTC
svn commit: r49793 - in /release/httpd: CHANGES_2.4 CURRENT-IS-2.4.48
CURRENT-IS-2.4.49
Author: icing
Date: Tue Sep 7 11:45:28 2021
New Revision: 49793
Log:
announcement of httpd-2.4.49
Added:
release/httpd/CURRENT-IS-2.4.49
Removed:
release/httpd/CURRENT-IS-2.4.48
Modified:
release/httpd/CHANGES_2.4
Modified: release/httpd/CHANGES_2.4
==============================================================================
--- release/httpd/CHANGES_2.4 (original)
+++ release/httpd/CHANGES_2.4 Tue Sep 7 11:45:28 2021
@@ -1,6 +1,12 @@
-*- coding: utf-8 -*-
Changes with Apache 2.4.48
+ *) SECURITY: CVE-2021-39275 (cve.mitre.org)
+ core: ap_escape_quotes buffer overflow
+
+ *) SECURITY: CVE-2021-33193 (cve.mitre.org)
+ mod_http2: Request splitting vulnerability with mod_proxy [Stefan Eissing]
+
*) SECURITY: CVE-2021-31618 (cve.mitre.org)
mod_http2: Fix a potential NULL pointer dereference [Ivan Zhakov]
Added: release/httpd/CURRENT-IS-2.4.49
==============================================================================
(empty)