From: William A. Rowe Jr Date: Tue, 9 Jul 2013 18:07:58 +0000 (+0000) Subject: Note security implication X-Git-Tag: 2.4.5~15 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4d993618c3d7eb2fc8bafdd7b0a4ff06a51934fc;p=apache Note security implication git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1501413 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index a8a08c5bc0..7c632c80eb 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,13 @@ Changes with Apache 2.4.5 + *) SECURITY: CVE-2013-1896 (cve.mitre.org) + mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with + the source href (sent as part of the request body as XML) pointing to a + URI that is not configured for DAV will trigger a segfault. [Ben Reser + ] + + *) mod_proxy: Fix seg-faults when using the global pool on threaded MPMs [Thomas Eckert , Graham Leggett, Jim Jagielski] @@ -104,11 +111,6 @@ Changes with Apache 2.4.5 *) mod_dav: Improve error handling in dav_method_put(), add new dav_join_error() function. PR 54145. [Ben Reser ] - *) mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with - the source href (sent as part of the request body as XML) pointing to a - URI that is not configured for DAV will trigger a segfault. [Ben Reser - ] - *) mod_dav: Do not fail PROPPATCH when prop namespace is not known. PR 52559 [Diego Santa Cruz ]