author | William A. Rowe Jr <wrowe@apache.org> | 2017-01-09 16:23:51 +0000 |
---|---|---|
committer | William A. Rowe Jr <wrowe@apache.org> | 2017-01-09 16:23:51 +0000 |
commit | 78213fd4cc088982096d4afb3fedc21bae6131eb (patch) | |
tree | d101fdcd05ad008052f9eba18fbcab28b1469ea9 | |
parent | 02176b04f795271899ce68889e828657442a15b9 (diff) | |
download | httpd-78213fd4cc088982096d4afb3fedc21bae6131eb.tar.gz |
** NOTE: the vendor states "This mitigation has been assigned the identifier
CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability. **
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1778007 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | CHANGES | 7 |
1 files changed, 3 insertions, 4 deletions
@@ -41,10 +41,6 @@ Changes with Apache 2.4.24 (not released) [Naveen Tiwari <naveen.tiwari@asu.edu> and CDF/SEFCOM at Arizona State University, Stefan Eissing] - *) SECURITY: CVE-2016-5387 (cve.mitre.org) - core: Mitigate [f]cgi "httpoxy" issues. - [Dominic Scheirlinck <dominic vendhq.com>, Yann Ylavic] - *) SECURITY: CVE-2016-2161 (cve.mitre.org) mod_auth_digest: Prevent segfaults during client entry allocation when the shared memory space is exhausted. @@ -66,6 +62,9 @@ Changes with Apache 2.4.24 (not released) pollution by malicious clients, upstream servers or faulty modules. [Stefan Fritsch, Eric Covener, Yann Ylavic] + *) core: Mitigate [f]cgi CVE-2016-5387 "httpoxy" issues. + [Dominic Scheirlinck <dominic vendhq.com>, Yann Ylavic] + *) mod_rewrite: Limit runaway memory use by short circuiting some kinds of looping RewriteRules when the local path significantly exceeds LimitRequestLine. PR 60478. [Jeff Wheelhouse <apache wheelhouse.org>] |
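Review bot: In the first hunk (@@ -41,10 +41,6 @@), dropping the "SECURITY:" prefix and the "(cve.mitre.org)" reference removes this item from what a reader finds when scanning CHANGES for SECURITY entries, and nothing in CHANGES records why. The reason (the identifier was assigned to a mitigation, not to a vulnerability) lives only in the commit message. Consider carrying a short form of that rationale into the relocated entry so that anyone auditing 2.4.24 against CVE-2016-5387 does not read the missing SECURITY tag as an omission.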
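Review bot: In the second hunk (@@ -66,6 +62,9 @@), the re-added line `*) core: Mitigate [f]cgi CVE-2016-5387 "httpoxy" issues.` embeds the CVE ID mid-sentence without saying that it identifies the mitigation itself, so the wording still reads as a fix for a vulnerability in core. A phrasing that states this explicitly, in the same terms as the vendor note quoted in the commit message, would match the intent of the change. The entry also gives no hint of what the mitigation does, which the neighbouring entries (mod_auth_digest, mod_rewrite) each state in a clause.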