From: Joe Orton Date: Mon, 14 Jul 2014 19:36:38 +0000 (+0000) Subject: Note CVE name for mod_cache crasher fixed in 2.4.7. X-Git-Tag: 2.4.10~24 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b4398f748c08f3355cfc786b1eecdd6490e91fe5;p=apache Note CVE name for mod_cache crasher fixed in 2.4.7. This issue affected httpd versions 2.4.5 and 2.4.6 only. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610495 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 8aedf75d1e..041c6a5656 100644 --- a/CHANGES +++ b/CHANGES @@ -347,6 +347,11 @@ Changes with Apache 2.4.8 Changes with Apache 2.4.7 + *) SECURITY: CVE-2013-4352 (cve.mitre.org) + mod_cache: Fix a NULL pointer deference which allowed untrusted + origin servers to crash mod_cache in a forward proxy + configuration. [Graham Leggett] + *) APR 1.5.0 or later is now required for the event MPM. *) slotmem_shm: Error detection. [Jim Jagielski] @@ -458,9 +463,6 @@ Changes with Apache 2.4.7 will or will not be persisted and whether settings are inherited. [Daniel Ruggeri, Jim Jagielski] - *) mod_cache: Avoid a crash with strcmp() when the hostname is not provided. - [Graham Leggett] - *) core: Add util_fcgi.h and associated definitions and support routines for FastCGI, based largely on mod_proxy_fcgi. [Jeff Trawick]
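Review bot: In the first hunk (@@ -347,6 +347,11 @@), the new SECURITY entry reads "Fix a NULL pointer deference"; this should be "dereference". The commit message states that only httpd 2.4.5 and 2.4.6 were affected, but the CHANGES entry does not say so. Consider adding the affected versions to the entry so that operators reading CHANGES can tell whether they were exposed without looking up the commit.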
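Review bot: In the second hunk (@@ -458,9 +463,6 @@), removing "mod_cache: Avoid a crash with strcmp() when the hostname is not provided." drops the only description of the trigger condition, because the replacement SECURITY entry mentions neither strcmp() nor the missing hostname. Suggest carrying that detail into the new entry, for example by appending "(crash in strcmp() when the hostname is not provided)", so the CVE can still be matched to the original code fix.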