You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by co...@apache.org on 2015/03/04 20:22:14 UTC

svn commit: r1664122 - /httpd/httpd/trunk/CHANGES

Author: covener
Date: Wed Mar  4 19:22:14 2015
New Revision: 1664122

URL: http://svn.apache.org/r1664122
Log:
backported


Modified:
    httpd/httpd/trunk/CHANGES

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1664122&r1=1664121&r2=1664122&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Wed Mar  4 19:22:14 2015
@@ -1,11 +1,6 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
-  *) SECURITY: CVE-2015-0228 (cve.mitre.org)
-     mod_lua: A maliciously crafted websockets PING after a script
-     calls r:wsupgrade() can cause a child process crash. 
-     [Edward Lu <Chaosed0 gmail.com>]
-
   *) core: If explicitly configured, use the KeepaliveTimeout value of the
      virtual host which handled the latest request on the connection, or by
      default the one of the first virtual host bound to the same IP:port.