[apache2] 10/13: tweak changelog

Stefan Fritsch sf at moszumanska.debian.org
Fri Mar 30 21:04:42 UTC 2018 

This is an automated email from the git hooks/post-receive script.

sf pushed a commit to branch master
in repository apache2.

commit 8a3525d23920729c95858ac5bb81bf8b687c3d16
Author: Stefan Fritsch <sf at sfritsch.de>
Date:   Fri Mar 30 21:38:21 2018 +0200

    tweak changelog
---
 debian/changelog | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 721cc3b..7d3fb37 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,29 +1,31 @@
 apache2 (2.4.33-1) UNRELEASED; urgency=medium
 
   * New upstream version.
-    - SECURITY: CVE-2017-15710
+    Security fixes:
+    - CVE-2017-15710
       Out of bound write in mod_authnz_ldap with AuthLDAPCharsetConfig enabled
-    - SECURITY: CVE-2018-1283
+    - CVE-2018-1283
       mod_session: CGI-like applications that intend to read from mod_session's
       'SessionEnv ON' could be fooled into reading user-supplied data instead.
-    - SECURITY: CVE-2018-1303
+    - CVE-2018-1303
       mod_cache_socache: Fix request headers parsing to avoid a possible crash
       with specially crafted input data.
-    - SECURITY: CVE-2018-1301
+    - CVE-2018-1301
       core: Possible crash with excessively long HTTP request headers.
       Impractical to exploit with a production build and production LogLevel.
-    - SECURITY: CVE-2017-15715
+    - CVE-2017-15715
       core: Configure the regular expression engine to match '$' to the end of
       the input string only, excluding matching the end of any embedded
       newline characters. Behavior can be changed with new directive
       'RegexDefaultOptions'.
-    - SECURITY: CVE-2018-1312
+    - CVE-2018-1312
       mod_auth_digest: Fix generation of nonce values to prevent replay
       attacks across servers using a common Digest domain. This change
       may cause problems if used with round robin load balancers. PR 54637
-    - SECURITY: CVE-2018-1302
+    - CVE-2018-1302
       mod_http2: Potential crash w/ mod_http2.
-    - mod_md: new experimental, module for managing domains across virtual
+
+    - mod_md: New experimental, module for managing domains across virtual
       hosts, implementing the Let's Encrypt ACMEv1 protocol to signup and
       renew certificates.
     - core: silently ignore a not existent file path when IncludeOptional

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git

More information about the Pkg-apache-commits mailing list