
Re: svn commit: r1836150 - /httpd/site/trunk/content/security/vulnerabilities-httpd.xml


It looks like these were missed in CHANGES. I will update and push.

> On Jul 18, 2018, at 3:54 AM, mjc@xxxxxxxxxx wrote:
> 
> Author: mjc
> Date: Wed Jul 18 07:54:13 2018
> New Revision: 1836150
> 
> URL: http://svn.apache.org/viewvc?rev=1836150&view=rev
> Log:
> add 2.3.34 vulns that were fixed
> 
> Modified:
>    httpd/site/trunk/content/security/vulnerabilities-httpd.xml
> 
> Modified: httpd/site/trunk/content/security/vulnerabilities-httpd.xml
> URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/vulnerabilities-httpd.xml?rev=1836150&r1=1836149&r2=1836150&view=diff
> ==============================================================================
> --- httpd/site/trunk/content/security/vulnerabilities-httpd.xml (original)
> +++ httpd/site/trunk/content/security/vulnerabilities-httpd.xml Wed Jul 18 07:54:13 2018
> @@ -1,4 +1,45 @@
> -<security updated="20180325">
> +<security updated="20180718">  
> +
> +<issue reported="20180629" public="20180718">
> +<cve name="CVE-2018-8011"/>
> +<severity level="3">moderate</severity>
> +<title>mod_md, DoS via Coredumps on specially crafted requests</title>
> +<description>
> +<p>By specially crafting HTTP requests, the mod_md challenge
> +handler would dereference a NULL pointer and cause the child
> +process to segfault. This could be used to DoS the server.</p>
> +</description>
> +<acknowledgements>
> +The issue was discovered by Daniel Caminada &lt;daniel.caminada@xxxxxxxx&gt;.
> +</acknowledgements>
> +<fixed base="2.4" version="2.4.34" date="20180715"/>
> +<affects prod="httpd" version="2.4.33"/>
> +</issue>
> +
> +<issue reported="20180508" public="20180718">
> +<cve name="CVE-2018-1333"/>
> +<severity level="3">low</severity>
> +<title>DoS for HTTP/2 connections by crafted requests</title>
> +<description>
> +<p>By specially crafting HTTP/2 requests, workers would be
> +allocated 60 seconds longer than necessary, leading to
> +worker exhaustion and a denial of service.</p>
> +</description>
> +<acknowledgements>
> +The issue was discovered by Craig Young of Tripwire VERT.
> +</acknowledgements>
> +<fixed base="2.4" version="2.4.34" date="20180715"/>
> +<affects prod="httpd" version="2.4.33"/>
> +<affects prod="httpd" version="2.4.30"/>
> +<affects prod="httpd" version="2.4.29"/>
> +<affects prod="httpd" version="2.4.28"/>
> +<affects prod="httpd" version="2.4.27"/>
> +<affects prod="httpd" version="2.4.26"/>
> +<affects prod="httpd" version="2.4.25"/>
> +<affects prod="httpd" version="2.4.23"/>
> +<affects prod="httpd" version="2.4.20"/>
> +<affects prod="httpd" version="2.4.18"/>
> +</issue>
> 
> <issue reported="20171114" public="20180321">
> <cve name="CVE-2018-1283"/>
> 
> 
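
Review bot: In the CVE-2018-1333 entry, <severity level="3">low</severity> carries the same numeric level as the CVE-2018-8011 entry's <severity level="3">moderate</severity>, so the attribute and the label disagree in one of the two. Anything that sorts or filters on the level attribute will treat the low-severity HTTP/2 issue as moderate; set its level to the value the file's other low-severity issues use. Two smaller points: the new <security updated="20180718"> line ends with trailing spaces, and the log message says 2.3.34 while both entries record <fixed base="2.4" version="2.4.34" .../>, which is worth correcting in any follow-up commit message so the history is searchable by the right version.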