From: Jim Jagielski <jim@apache.org>
Date: Thu, 13 Mar 2014 12:43:43 +0000 (+0000)
Subject: Note changes
X-Git-Tag: 2.4.9~8
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=528a18e3c6343592352c789e1512729a525c6536;p=apache

Note changes


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1577139 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 3c9f35501b..75625765c6 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@
 
 Changes with Apache 2.4.9
 
+  *) mod_ssl: Work around a bug in some older versions of OpenSSL that
+     would cause a crash in SSL_get_certificate for servers where the
+     certificate hadn't been sent. [Stephen Henson]
 
 Changes with Apache 2.4.8
 
@@ -11,6 +14,12 @@ Changes with Apache 2.4.8
      logging truncated cookies.
      [William Rowe, Ruediger Pluem, Jim Jagielski]
 
+ *) SECURITY: CVE-2013-6438 (cve.mitre.org)
+    mod_dav: Keep track of length of cdata properly when removing
+    leading spaces. Eliminates a potential denial of service from
+    specifically crafted DAV WRITE requests
+    [Amin Tora <Amin.Tora neustar.biz>]
+
   *) core: draft-ietf-httpbis-p1-messaging-23 corrections regarding
      TE/CL conflicts. [Yann Ylavic <ylavic.dev gmail com>, Jim Jagielski]