From 151dadbef9652e4625f95e46bc954fc62c78072c Mon Sep 17 00:00:00 2001 From: "William A. Rowe Jr" Date: Tue, 9 Jul 2013 18:08:01 +0000 Subject: [PATCH] Note security implication git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1501414 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 96bb196e512..cf958010b9c 100644 --- a/CHANGES +++ b/CHANGES @@ -7,6 +7,12 @@ Changes with Apache 2.2.26 Changes with Apache 2.2.25 + *) SECURITY: CVE-2013-1896 (cve.mitre.org) + mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with + the source href (sent as part of the request body as XML) pointing to a + URI that is not configured for DAV will trigger a segfault. [Ben Reser + ] + *) SECURITY: CVE-2013-1862 (cve.mitre.org) mod_rewrite: Ensure that client data written to the RewriteLog is escaped to prevent terminal escape sequences from entering the @@ -47,11 +53,6 @@ Changes with Apache 2.2.25 *) htdigest: Fix buffer overflow when reading digest password file with very long lines. PR 54893. [Rainer Jung] - *) mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with - the source href (sent as part of the request body as XML) pointing to a - URI that is not configured for DAV will trigger a segfault. [Ben Reser - ] - *) mod_dav: Ensure URI is correctly uriencoded on return. PR 54611 [Timothy Wood ] -- 2.47.2
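Review bot: In the first hunk, the new CVE-2013-1896 entry describes only the trigger ("will trigger a segfault") and never says that 2.2.25 fixes it or what the crash means for a running server. The text is carried over unchanged from the entry the second hunk removes, so the SECURITY label is the only new information. The neighbouring CVE-2013-1862 entry is worded as the fix ("Ensure that client data written to the RewriteLog is escaped to prevent ..."). Suggest the same shape here: state that the MERGE request with a source href outside a DAV-configured URI no longer crashes, and name the impact of the segfault, so an administrator scanning CHANGES can tell that upgrading resolves the issue.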