Posted to dev@httpd.apache.org by Ruediger Pluem <rp...@apache.org> on 2020/04/01 14:10:28 UTC
Re: svn commit: r1876001 - in /httpd/httpd/branches/2.4.x: CHANGES STATUS
On 4/1/20 2:58 PM, druggeri@apache.org wrote:
> Author: druggeri
> Date: Wed Apr 1 12:58:58 2020
> New Revision: 1876001
>
> URL: http://svn.apache.org/viewvc?rev=1876001&view=rev
> Log:
> Updates for announcement of 2.4.43
>
> Modified:
> httpd/httpd/branches/2.4.x/CHANGES
> httpd/httpd/branches/2.4.x/STATUS
>
> Modified: httpd/httpd/branches/2.4.x/CHANGES
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1876001&r1=1876000&r2=1876001&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
> +++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Wed Apr 1 12:58:58 2020
> @@ -1,6 +1,15 @@
> -*- coding: utf-8 -*-
> Changes with Apache 2.4.44
>
> + *) SECURITY: CVE-2020-1934 (cve.mitre.org)
> + mod_proxy_ftp: Use of uninitialized value with malicious backend FTP
> + server. [Eric Covener]
> +
> + *) SECURITY: CVE-2020-1927 (cve.mitre.org)
> + rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable
> + matches and substitutions with encoded line break characters.
> + The fix for CVE-2019-10098 was not effective. [Ruediger Pluem]
> +
I guess the above should be below Apache 2.4.43 and not Apache 2.4.44
> Changes with Apache 2.4.43
>
> *) mod_ssl: Fix memory leak of OCSP stapling response. [Yann Ylavic]
>
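Review bot: The two SECURITY entries are inserted directly under the "Changes with Apache 2.4.44" header at the top of this hunk, while the log message says the commit is for the announcement of 2.4.43. If these fixes belong to the release being announced, move both entries below the "Changes with Apache 2.4.43" line so that anyone checking which release contains the CVE-2020-1934 and CVE-2020-1927 fixes is pointed to the right version. A smaller style point: the CVE-2020-1927 entry is prefixed "rewrite, core:" while the neighbouring entries use full module names (mod_proxy_ftp, mod_ssl), so "mod_rewrite, core:" would be consistent.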
Regards
Rüdiger