On 4/1/20 2:58 PM, [email protected] wrote: > Author: druggeri > Date: Wed Apr 1 12:58:58 2020 > New Revision: 1876001 > > URL: http://svn.apache.org/viewvc?rev=1876001&view=rev > Log: > Updates for announcement of 2.4.43 > > Modified: > httpd/httpd/branches/2.4.x/CHANGES > httpd/httpd/branches/2.4.x/STATUS > > Modified: httpd/httpd/branches/2.4.x/CHANGES > URL: > http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1876001&r1=1876000&r2=1876001&view=diff > ============================================================================== > --- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original) > +++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Wed Apr 1 12:58:58 2020 > @@ -1,6 +1,15 @@ > -*- coding: utf-8 > -*- > Changes with Apache 2.4.44 > > + *) SECURITY: CVE-2020-1934 (cve.mitre.org) > + mod_proxy_ftp: Use of uninitialized value with malicious backend FTP > + server. [Eric Covener] > + > + *) SECURITY: CVE-2020-1927 (cve.mitre.org) > + rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable > + matches and substitutions with encoded line break characters. > + The fix for CVE-2019-10098 was not effective. [Ruediger Pluem] > + I guess the above should be below Apache 2.4.43 and not Apache 2.4.44 > Changes with Apache 2.4.43 > > *) mod_ssl: Fix memory leak of OCSP stapling response. [Yann Ylavic] > Regards Rüdiger
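Review bot: the two SECURITY entries added in the @@ -1,6 +1,15 @@ hunk of CHANGES sit under the "Changes with Apache 2.4.44" heading, while the log message says the commit is for the announcement of 2.4.43. If the fixes belong to 2.4.43, move both entries below the "Changes with Apache 2.4.43" heading so the CVEs are attributed to the right release. The CVE-2020-1927 entry also describes a change of default (PCRE_DOTALL makes "." match line break characters), so it would help to state in the entry that existing rewrite and core patterns which relied on "." stopping at a line break will now match differently. That tells administrators to review their expressions after upgrading.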
