You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by tr...@apache.org on 2010/03/03 12:48:35 UTC
svn commit: r80 - /dev/httpd/CHANGES_2.2
Author: trawick
Date: Wed Mar 3 06:48:34 2010
New Revision: 80
Log:
reflect assignment of CVE-2010-0434
Modified:
dev/httpd/CHANGES_2.2
Modified: dev/httpd/CHANGES_2.2
==============================================================================
--- dev/httpd/CHANGES_2.2 (original)
+++ dev/httpd/CHANGES_2.2 Wed Mar 3 06:48:34 2010
@@ -19,7 +19,8 @@
processing is completed, avoiding orphaned callback pointers.
[Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]
- *) Ensure each subrequest has a shallow copy of headers_in so that the
+ *) SECURITY: CVE-2010-0434 (cve.mitre.org)
+ Ensure each subrequest has a shallow copy of headers_in so that the
parent request headers are not corrupted. Elimiates a problematic
optimization in the case of no request body. PR 48359
[Jake Scott, William Rowe, Ruediger Pluem]