From efe1f81aa69f18c1cea8ed47fcbb4279cc26b697 Mon Sep 17 00:00:00 2001 From: "William A. Rowe Jr" Date: Fri, 9 Sep 2011 13:23:50 +0000 Subject: [PATCH] Non-releases don't have user-visible regressions; now a contributor to the fix git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1167151 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index c9e5c50fc3..5c5d06a7e2 100644 --- a/CHANGES +++ b/CHANGES @@ -1,11 +1,12 @@ - -*- coding: utf-8 -*- + -*- coding: utf-8 -*- Changes with Apache 2.3.15 *) SECURITY: CVE-2011-3192 (cve.mitre.org) core: Fix handling of byte-range requests to use less memory, to avoid denial of service. If the sum of all ranges in a request is larger than the original file, ignore the ranges and send the complete file. - PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener] + PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener, + ] *) mod_ldap: Optional function uldap_ssl_supported(r) always returned false if called from a virtual host with mod_ldap directives in it. Did not @@ -24,9 +25,6 @@ Changes with Apache 2.3.15 CRL processing to OpenSSL, and add a new [Proxy]CARevocationCheck directive for controlling the revocation checking mode. [Kaspar Brand] - *) Fix a regression in the CVE-2011-3192 byterange fix. - PR 51748. [low_priority ] - *) core: Add MaxRanges directive to control the number of ranges permitted before returning the entire resource, with a default limit of 200. [Eric Covener] -- 2.49.0
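Review bot: in the first hunk (@@ -1,11 +1,12 @@), the added continuation of the CVE-2011-3192 credit list reads "Eric Covener," followed by a line that holds only "]", so as shown the list ends in a trailing comma with no contributor named after it. Confirm that the person the commit message calls "now a contributor to the fix" is actually spelled out in CHANGES, and otherwise restore the original closing "Eric Covener]". The same hunk also swaps the "-*- coding: utf-8 -*-" line for a visually identical one, a whitespace or encoding-only change the commit message does not mention; drop it or land it as a separate commit.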
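Review bot: in the second hunk (@@ -24,9 +25,6 @@), deleting the "Fix a regression in the CVE-2011-3192 byterange fix." entry also removes the only mention of PR 51748 from CHANGES, while the consolidated SECURITY entry in the first hunk still cites just "PR 51714." Carry the bug number over into that entry, for example "PR 51714, PR 51748.", so anyone auditing the CVE-2011-3192 fix from CHANGES can still find the follow-up report.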