[prev in list] [next in list] [prev in thread] [next in thread]
List: apr-cvs
Subject: svn commit: r1676016 - /apr/apr/branches/1.5.x/CHANGES
From: trawick () apache ! org
Date: 2015-04-25 11:52:04
Message-ID: 20150425115204.3A516AC0397 () hades ! apache ! org
[Download RAW message or body]
Author: trawick
Date: Sat Apr 25 11:52:03 2015
New Revision: 1676016
URL: http://svn.apache.org/r1676016
Log:
Add missing changes for r1676015
Modified:
apr/apr/branches/1.5.x/CHANGES
Modified: apr/apr/branches/1.5.x/CHANGES
URL: http://svn.apache.org/viewvc/apr/apr/branches/1.5.x/CHANGES?rev=1676016&r1=1676015&r2=1676016&view=diff
==============================================================================
--- apr/apr/branches/1.5.x/CHANGES [utf-8] (original)
+++ apr/apr/branches/1.5.x/CHANGES [utf-8] Sat Apr 25 11:52:03 2015
@@ -1,6 +1,13 @@
-*- coding: utf-8 -*-
Changes for APR 1.5.2
+ *) SECURITY: CVE-2015-1829 (cve.mitre.org)
+ APR applications using APR named pipe support on Windows can be
+ vulnerable to a pipe squatting attack from a local process; the extent
+ of the vulnerability, when present, depends on the application.
+ Initial analysis and report was provided by John Hernandez of Casaba
+ Security via HP SSRT Security Alert. [Yann Ylavic]
+
*) apr_atomic: Fix errors when building on Visual Studio 2013 while
maintaining the ability to build on Visual Studio 6 with Windows
Server 2003 R2 SDK. PR 57191. [Gregg Smith]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic