You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by co...@apache.org on 2016/12/09 13:58:30 UTC
svn commit: r1773396 - /httpd/httpd/trunk/CHANGES
Author: covener
Date: Fri Dec 9 13:58:30 2016
New Revision: 1773396
URL: http://svn.apache.org/viewvc?rev=1773396&view=rev
Log:
backported
Modified:
httpd/httpd/trunk/CHANGES
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1773396&r1=1773395&r2=1773396&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Fri Dec 9 13:58:30 2016
@@ -4,16 +4,6 @@ Changes with Apache 2.5.0
*) core: Drop Content-Length header and message-body from HTTP 204 responses.
PR 51350 [Luca Toscano]
- *) SECURITY: CVE-2016-2161 (cve.mitre.org)
- mod_auth_digest: Prevent segfaults during client entry allocation when the
- shared memory space is exhausted. [Maksim Malyutin <m.malyutin dsec.ru>,
- Eric Covener, Jacob Champion]
-
- *) SECURITY: CVE-2016-0736 (cve.mitre.org)
- mod_session_crypto: Authenticate the session data/cookie with a
- MAC (SipHash) to prevent deciphering or tampering with a padding
- oracle attack. [Yann Ylavic, Colm MacCarthaigh]
-
*) mod_lua: Fix default value of LuaInherit directive. It should be
'parent-first' instead of 'none', as per documentation. PR 60419
[Christophe Jaillet]