Ah, yes... Not sure how I made that error. Just fixed!
--
Daniel Ruggeri
On August 17, 2019 9:41:42 AM CDT, Stefan Fritsch wrote:
>Hi,
>
>Shouldn't CVE-2019-10097 be listed under 2.4.41, too?
>
>Cheers,
>Stefan
>
>--- httpd/httpd/branches/2.4.x/CHANGES 2019/08/14 20:43:00 1865188
>+++ httpd/httpd/branches/2.4.x/CHANGES 2019/08/14 20:52:45 1865189
>@@ -1,8 +1,39 @@
> -*- coding:
>utf-8 -*-
> Changes with Apache 2.4.42
>
>+ *) SECURITY: CVE-2019-10097 (cve.mitre.org)
>+ mod_remoteip: Fix stack buffer overflow and NULL pointer
>deference
>+ when reading the PROXY protocol header. [Joe Orton,
>+ Daniel McCarney ]
>+
> Changes with Apache 2.4.41
>
>+ *) SECURITY: CVE-2019-9517 (cve.mitre.org)
>+ mod_http2: a malicious client could perform a DoS attack by
>flooding
>+a connection with requests and basically never reading
>responses
>+on the TCP connection. Depending on h2 worker dimensioning, it
>was
>+possible to block those with relatively few connections.
>[Stefan Eissing]
>+
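Review bot: The CVE-2019-10097 entry is placed under the "Changes with Apache 2.4.42" heading, while the other SECURITY entry visible in this hunk (CVE-2019-9517) goes under "Changes with Apache 2.4.41". As the question in this thread raises, if the mod_remoteip fix is part of 2.4.41, the entry should be listed under that heading so readers of the 2.4.41 changes see it. In the same entry, "NULL pointer deference" should read "NULL pointer dereference".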