Posted to cvs@httpd.apache.org by wr...@apache.org on 2011/09/09 15:23:50 UTC
svn commit: r1167151 - /httpd/httpd/trunk/CHANGES
Author: wrowe
Date: Fri Sep 9 13:23:50 2011
New Revision: 1167151
URL: http://svn.apache.org/viewvc?rev=1167151&view=rev
Log:
Non-releases don't have user-visible regressions; now a contributor to the fix
Modified:
httpd/httpd/trunk/CHANGES
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1167151&r1=1167150&r2=1167151&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Fri Sep 9 13:23:50 2011
@@ -1,11 +1,12 @@
- -*- coding: utf-8 -*-
+ -*- coding: utf-8 -*-
Changes with Apache 2.3.15
*) SECURITY: CVE-2011-3192 (cve.mitre.org)
core: Fix handling of byte-range requests to use less memory, to avoid
denial of service. If the sum of all ranges in a request is larger than
the original file, ignore the ranges and send the complete file.
- PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener]
+ PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener,
+ <lowprio20 gmail.com>]
*) mod_ldap: Optional function uldap_ssl_supported(r) always returned false
if called from a virtual host with mod_ldap directives in it. Did not
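Review bot: the credit added to the PR 51714 entry is a bare address, `<lowprio20 gmail.com>`, while the other contributors in that bracket are listed by name and the entry removed further down used `low_priority <lowprio20 gmail.com>`; keep the handle in front of the address so the attribution stays consistent. The first line pair (`-*- coding: utf-8 -*-`) shows no visible difference, so it is presumably a whitespace or invisible-character change that the log message does not mention; say so in the log or commit it separately.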
@@ -24,9 +25,6 @@ Changes with Apache 2.3.15
CRL processing to OpenSSL, and add a new [Proxy]CARevocationCheck
directive for controlling the revocation checking mode. [Kaspar Brand]
- *) Fix a regression in the CVE-2011-3192 byterange fix.
- PR 51748. [low_priority <lowprio20 gmail.com>]
-
*) core: Add MaxRanges directive to control the number of ranges permitted
before returning the entire resource, with a default limit of 200.
[Eric Covener]
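Review bot: removing the separate regression entry also drops the PR 51748 reference, and the amended CVE-2011-3192 entry in the first hunk still cites only PR 51714. Consider listing both PR numbers on that entry so the follow-up report stays traceable from CHANGES.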