Commit 975247b1 authored by William A. Rowe Jr

** NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability. **



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1778007 13f79535-47bb-0310-9956-ffa450edef68
parent 3f7a3df4
+3 −4
@@ -41,10 +41,6 @@ Changes with Apache 2.4.24 (not released)
     [Naveen Tiwari <naveen.tiwari@asu.edu> and CDF/SEFCOM at Arizona State
     University, Stefan Eissing]

  *) SECURITY: CVE-2016-5387 (cve.mitre.org)
     core: Mitigate [f]cgi "httpoxy" issues.
     [Dominic Scheirlinck <dominic vendhq.com>, Yann Ylavic]

  *) SECURITY: CVE-2016-2161 (cve.mitre.org)
     mod_auth_digest: Prevent segfaults during client entry allocation when
     the shared memory space is exhausted.
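Review bot: Dropping the "SECURITY: CVE-2016-5387 (cve.mitre.org)" entry that followed the Stefan Eissing credit means anyone who filters CHANGES on the "SECURITY:" prefix will no longer see the httpoxy mitigation listed for 2.4.24. The reason for the reclassification is given only in the commit message; consider recording it in CHANGES as well, so a reader of the file does not conclude the mitigation was withdrawn.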
@@ -66,6 +62,9 @@ Changes with Apache 2.4.24 (not released)
     pollution by malicious clients, upstream servers or faulty modules.
     [Stefan Fritsch, Eric Covener, Yann Ylavic]

  *) core: Mitigate [f]cgi CVE-2016-5387 "httpoxy" issues.
     [Dominic Scheirlinck <dominic vendhq.com>, Yann Ylavic]

  *) mod_rewrite: Limit runaway memory use by short circuiting some kinds of
     looping RewriteRules when the local path significantly exceeds 
     LimitRequestLine.  PR 60478. [Jeff Wheelhouse <apache wheelhouse.org>]
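Review bot: In the relocated entry, 'Mitigate [f]cgi CVE-2016-5387 "httpoxy" issues' reads as though CVE-2016-5387 names the issue being mitigated, which is the opposite of what the commit message says (the identifier belongs to the mitigation, not to a vulnerability). Suggest wording along the lines of 'core: Mitigate [f]cgi "httpoxy" issues (mitigation identifier CVE-2016-5387)', and adding a short clause on what the mitigation changes, since the entry does not say.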