You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jc...@apache.org on 2016/12/20 18:48:53 UTC
svn commit: r17505 - in /dev/httpd: Announcement2.4.html Announcement2.4.txt
Author: jchampion
Date: Tue Dec 20 18:48:53 2016
New Revision: 17505
Log:
2.4.25: fix up colon, add HTML description for CVE-2016-5387 to match
Modified:
dev/httpd/Announcement2.4.html
dev/httpd/Announcement2.4.txt
Modified: dev/httpd/Announcement2.4.html
==============================================================================
--- dev/httpd/Announcement2.4.html (original)
+++ dev/httpd/Announcement2.4.html Tue Dec 20 18:48:53 2016
@@ -26,7 +26,7 @@
represents fifteen years of innovation by the project, and is
recommended over all previous releases. This release of Apache is
a security, feature, and bug fix release, and addresses these
- specific security defects as well as other fixes;
+ specific security defects as well as other fixes:
</p>
<ul>
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736">CVE-2016-0736</a>
@@ -39,6 +39,7 @@
when the shared memory space is exhausted.
</li>
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387">CVE-2016-5387</a>
+ core: Mitigate [f]cgi "httpoxy" issues.
</li>
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8740">CVE-2016-8740</a>
mod_http2: Mitigate DoS memory exhaustion via endless
Modified: dev/httpd/Announcement2.4.txt
==============================================================================
--- dev/httpd/Announcement2.4.txt (original)
+++ dev/httpd/Announcement2.4.txt Tue Dec 20 18:48:53 2016
@@ -7,7 +7,7 @@
represents fifteen years of innovation by the project, and is
recommended over all previous releases. This release of Apache is
a security, feature, and bug fix release, and addresses these
- specific security defects as well as other fixes;
+ specific security defects as well as other fixes:
CVE-2016-0736 (cve.mitre.org)
mod_session_crypto: Authenticate the session data/cookie with a