You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by ic...@apache.org on 2021/09/07 11:45:28 UTC

svn commit: r49793 - in /release/httpd: CHANGES_2.4 CURRENT-IS-2.4.48 CURRENT-IS-2.4.49

Author: icing
Date: Tue Sep  7 11:45:28 2021
New Revision: 49793

Log:
announcement of httpd-2.4.49

Added:
    release/httpd/CURRENT-IS-2.4.49
Removed:
    release/httpd/CURRENT-IS-2.4.48
Modified:
    release/httpd/CHANGES_2.4

Modified: release/httpd/CHANGES_2.4
==============================================================================
--- release/httpd/CHANGES_2.4 (original)
+++ release/httpd/CHANGES_2.4 Tue Sep  7 11:45:28 2021
@@ -1,6 +1,12 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.4.48
 
+  *) SECURITY: CVE-2021-39275 (cve.mitre.org)
+     core: ap_escape_quotes buffer overflow
+
+  *) SECURITY: CVE-2021-33193 (cve.mitre.org)
+     mod_http2: Request splitting vulnerability with mod_proxy [Stefan Eissing]
+
   *) SECURITY: CVE-2021-31618 (cve.mitre.org)
      mod_http2: Fix a potential NULL pointer dereference [Ivan Zhakov]
 

Added: release/httpd/CURRENT-IS-2.4.49
==============================================================================
    (empty)