Mailing List Archive

svn commit: r1880673 - /httpd/httpd/branches/2.4.x/CHANGES
Author: covener
Date: Fri Aug 7 11:50:14 2020
New Revision: 1880673

URL: http://svn.apache.org/viewvc?rev=1880673&view=rev
Log:
add CVE


Modified:
httpd/httpd/branches/2.4.x/CHANGES

Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1880673&r1=1880672&r2=1880673&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Fri Aug 7 11:50:14 2020
@@ -11,7 +11,7 @@ Changes with Apache 2.4.47
where possibly made that result in concurrent, unsafe use of
a memory pool. [Stefan Eissing]

- *) SECURITY:
+ *) SECURITY: CVE-2020-9490 (cve.mitre.org)
mod_http2: a specially crafted value for the 'Cache-Digest' header
request would result in a crash when the server actually tries
to HTTP/2 PUSH a resource afterwards. [Stefan Eissing]
Re: svn commit: r1880673 - /httpd/httpd/branches/2.4.x/CHANGES [ In reply to ]
This still needs to be synched up to
https://downloads.apache.org/httpd/CHANGES_2.4.46 if possible

On Fri, Aug 7, 2020 at 7:50 AM <covener@apache.org> wrote:
>
> Author: covener
> Date: Fri Aug 7 11:50:14 2020
> New Revision: 1880673
>
> URL: http://svn.apache.org/viewvc?rev=1880673&view=rev
> Log:
> add CVE
>
>
> Modified:
> httpd/httpd/branches/2.4.x/CHANGES
>
> Modified: httpd/httpd/branches/2.4.x/CHANGES
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1880673&r1=1880672&r2=1880673&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
> +++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Fri Aug 7 11:50:14 2020
> @@ -11,7 +11,7 @@ Changes with Apache 2.4.47
> where possibly made that result in concurrent, unsafe use of
> a memory pool. [Stefan Eissing]
>
> - *) SECURITY:
> + *) SECURITY: CVE-2020-9490 (cve.mitre.org)
> mod_http2: a specially crafted value for the 'Cache-Digest' header
> request would result in a crash when the server actually tries
> to HTTP/2 PUSH a resource afterwards. [Stefan Eissing]
>
>


--
Eric Covener
covener@gmail.com