[apache2] 01/03: Remove mention of CVE-2016-5387 in 2.4.25-1 changelog
Stefan Fritsch
sf at moszumanska.debian.org
Fri Dec 30 10:11:30 UTC 2016
This is an automated email from the git hooks/post-receive script.
sf pushed a commit to branch master
in repository apache2.
commit f8af65bcb68113f76e04f7780a4b36c4b2d7acb9
Author: Stefan Fritsch <sf at sfritsch.de>
Date: Thu Dec 22 00:24:08 2016 +0100
Remove mention of CVE-2016-5387 in 2.4.25-1 changelog
---
debian/changelog | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 4d1b373..b734f34 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+apache2 (2.4.25-2) UNRELEASED; urgency=medium
+
+ * Remove mention of CVE-2016-5387 in 2.4.25-1 changelog. It was already
+ fixed in 2.4.23-2.
+
+ -- Stefan Fritsch <sf at debian.org> Thu, 22 Dec 2016 00:23:06 +0100
+
apache2 (2.4.25-1) unstable; urgency=medium
[ New upstream release ]
@@ -7,8 +14,6 @@ apache2 (2.4.25-1) unstable; urgency=medium
* Security: CVE-2016-2161:
mod_auth_digest: Prevent segfaults during client entry allocation when the
shared memory space is exhausted.
- * Security: CVE-2016-5387:
- Mitigate [f]cgi "httpoxy" issues.
* Security: CVE-2016-8740:
mod_http2: Mitigate DoS memory exhaustion via endless CONTINUATION frames.
Closes: #847124
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git
More information about the Pkg-apache-commits
mailing list