Commit 2d6a915e authored by Jim Jagielski's avatar Jim Jagielski
Browse files

promote 


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772924 13f79535-47bb-0310-9956-ffa450edef68
parent 4d404ae2

STATUS

+8 −8
Original line number Diff line number Diff line
@@ -117,6 +117,14 @@ RELEASE SHOWSTOPPERS: 
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:

  [ start all new proposals below, under PATCHES PROPOSED. ]



  *) SECURITY: CVE-2016-0736 (cve.mitre.org)

     mod_session_crypto: Authenticate the session data/cookie with a

     MAC (SipHash) to prevent deciphering or tampering from a padding

     oracle attack.  [Yann Ylavic, Colm MacCarthaigh]

     trunk patch: http://svn.apache.org/r1772812

                  http://svn.apache.org/r1772813

     2.4.x patch: trunk works (modulo CHANGES)

     +1: ylavic, covener, jim





PATCHES PROPOSED TO BACKPORT FROM TRUNK:
@@ -149,14 +157,6 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: 
     jailletc36: compatibility note missing in the XML file

     jim:        Will address during commit



  *) SECURITY: CVE-2016-0736 (cve.mitre.org)

     mod_session_crypto: Authenticate the session data/cookie with a

     MAC (SipHash) to prevent deciphering or tampering from a padding

     oracle attack.  [Yann Ylavic, Colm MacCarthaigh]

     trunk patch: http://svn.apache.org/r1772812

                  http://svn.apache.org/r1772813

     2.4.x patch: trunk works (modulo CHANGES)

     +1: ylavic, covener, jim





PATCHES/ISSUES THAT ARE BEING WORKED