From: Graham Leggett Date: Wed, 23 Sep 2009 22:24:00 +0000 (+0000) Subject: Add reference to the security issue fixed now that APR v1.3.9 is X-Git-Tag: 2.2.14~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a6d86f6563b1b08f02e446758a929ad704cd457f;p=thirdparty%2Fapache%2Fhttpd.git Add reference to the security issue fixed now that APR v1.3.9 is available. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@818288 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 8783b5297a1..7b39051b7bc 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,11 @@  -*- coding: utf-8 -*- Changes with Apache 2.2.14 + *) SECURITY: CVE-2009-2699 (cve.mitre.org) + Fixed in APR 1.3.9. Faulty error handling in the Solaris pollset support + (Event Port backend) which could trigger hangs in the prefork and event + MPMs on that platform. PR 47645. [Jeff Trawick] + *) SECURITY: CVE-2009-3095 (cve.mitre.org) mod_proxy_ftp: sanity check authn credentials. [Stefan Fritsch , Joe Orton]