Updates for announcement of 2.4.46

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1880670 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 2dc1f4ebca5c6bb54f453fb4de76c19dc043fae7..34171412f33c71353a66d3c3a3bbc673b834454e 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,21 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.4.47
 
+  *) SECURITY: CVE-2020-11984 (cve.mitre.org)
+     mod_proxy_uwsgi: Malicious request may result in information disclosure
+     or RCE of existing file on the server running under a malicious process
+     environment. [Yann Ylavic]
+
+  *) SECURITY: CVE-2020-11993 (cve.mitre.org)
+     mod_http2: when throttling connection requests, log statements
+     where possibly made that result in concurrent, unsafe use of
+     a memory pool. [Stefan Eissing]
+
+  *) SECURITY: 
+     mod_http2: a specially crafted value for the 'Cache-Digest' header
+     request would result in a crash when the server actually tries
+     to HTTP/2 PUSH a resource afterwards. [Stefan Eissing]
+
 Changes with Apache 2.4.46
   *) mod_proxy_fcgi: Fix missing APLOGNO macro argument
      [Eric Covener, Christophe Jaillet]

diff --git a/STATUS b/STATUS
index 6c60b17ec23505c231a84255ebf0efc47125f6b0..42a0067b9f52a3192f6fde2e0d57e959f441b1f7 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -30,7 +30,7 @@ Release history:
           while x.{even}.z versions are Stable/GA releases.]
 
     2.4.47  : In development
-    2.4.46  : Tagged on August 01, 2020
+    2.4.46  : Tagged on August 01, 2020. Released on August 07, 2020.
     2.4.45  : Tagged on July 29, 2020. Not released.
     2.4.44  : Tagged on July 28, 2020. Not released.
     2.4.43  : Tagged on March 26, 2020. Released on April 01, 2020.