It looks like these were missed in CHANGES. I will update and push. > On Jul 18, 2018, at 3:54 AM, [email protected] wrote: > > Author: mjc > Date: Wed Jul 18 07:54:13 2018 > New Revision: 1836150 > > URL: http://svn.apache.org/viewvc?rev=1836150&view=rev > Log: > add 2.3.34 vulns that were fixed > > Modified: > httpd/site/trunk/content/security/vulnerabilities-httpd.xml > > Modified: httpd/site/trunk/content/security/vulnerabilities-httpd.xml > URL: > http://svn.apache.org/viewvc/httpd/site/trunk/content/security/vulnerabilities-httpd.xml?rev=1836150&r1=1836149&r2=1836150&view=diff > ============================================================================== > --- httpd/site/trunk/content/security/vulnerabilities-httpd.xml (original) > +++ httpd/site/trunk/content/security/vulnerabilities-httpd.xml Wed Jul 18 > 07:54:13 2018 
> @@ -1,4 +1,45 @@ > -<security updated="20180325"> > +<security updated="20180718"> > + > +<issue reported="20180629" public="20180718"> > +<cve name="CVE-2018-8011"/> > +<severity level="3">moderate</severity> > +<title>mod_md, DoS via Coredumps on specially crafted requests</title> > +<description> > +<p>By specially crafting HTTP requests, the mod_md challenge > +handler would dereference a NULL pointer and cause the child > +process to segfault. This could be used to DoS the server.</p> > +</description> > +<acknowledgements> > +The issue was discovered by Daniel Caminada <[email protected]>. > +</acknowledgements> > +<fixed base="2.4" version="2.4.34" date="20180715"/> > +<affects prod="httpd" version="2.4.33"/> > +</issue> > + > +<issue reported="20180508" public="20180718"> > +<cve name="CVE-2018-1333"/> > +<severity level="3">low</severity> > +<title>DoS for HTTP/2 connections by crafted requests</title> > +<description> > +<p>By specially crafting HTTP/2 requests, workers would be > +allocated 60 seconds longer than necessary, leading to > +worker exhaustion and a denial of service.</p> > +</description> > +<acknowledgements> > +The issue was discovered by Craig Young of Tripwire VERT. > +</acknowledgements> > +<fixed base="2.4" version="2.4.34" date="20180715"/> > +<affects prod="httpd" version="2.4.33"/> > +<affects prod="httpd" version="2.4.30"/> > +<affects prod="httpd" version="2.4.29"/> > +<affects prod="httpd" version="2.4.28"/> > +<affects prod="httpd" version="2.4.27"/> > +<affects prod="httpd" version="2.4.26"/> > +<affects prod="httpd" version="2.4.25"/> > +<affects prod="httpd" version="2.4.23"/> > +<affects prod="httpd" version="2.4.20"/> > +<affects prod="httpd" version="2.4.18"/> > +</issue> > > <issue reported="20171114" public="20180321"> > <cve name="CVE-2018-1283"/> > >
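Review bot: In the CVE-2018-1333 entry the severity reads `<severity level="3">low</severity>`, while the CVE-2018-8011 entry above it uses the same level="3" with the label moderate, so one numeric level maps to two different labels within this hunk. Compare the level with the low-severity entries already in the file and adjust whichever attribute is wrong, so that anything sorting or filtering on the attribute ranks the two issues differently. The acknowledgement in the CVE-2018-8011 entry wraps the reporter's address in angle brackets; if those are literal in the XML rather than written as entities, the file will not parse. The log message also says "2.3.34" where both entries record `<fixed base="2.4" version="2.4.34" date="20180715"/>`, which is worth correcting in the follow-up commit that updates CHANGES.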
