
List:       apr-cvs
Subject:    svn commit: r1676016 - /apr/apr/branches/1.5.x/CHANGES
From:       trawick () apache ! org
Date:       2015-04-25 11:52:04
Message-ID: 20150425115204.3A516AC0397 () hades ! apache ! org

Author: trawick
Date: Sat Apr 25 11:52:03 2015
New Revision: 1676016

URL: http://svn.apache.org/r1676016
Log:
Add missing changes for r1676015

Modified:
    apr/apr/branches/1.5.x/CHANGES

Modified: apr/apr/branches/1.5.x/CHANGES
URL: http://svn.apache.org/viewvc/apr/apr/branches/1.5.x/CHANGES?rev=1676016&r1=1676015&r2=1676016&view=diff
 ==============================================================================
--- apr/apr/branches/1.5.x/CHANGES [utf-8] (original)
+++ apr/apr/branches/1.5.x/CHANGES [utf-8] Sat Apr 25 11:52:03 2015
@@ -1,6 +1,13 @@
                                                      -*- coding: utf-8 -*-
 Changes for APR 1.5.2
 
+  *) SECURITY: CVE-2015-1829 (cve.mitre.org)
+     APR applications using APR named pipe support on Windows can be 
+     vulnerable to a pipe squatting attack from a local process; the extent
+     of the vulnerability, when present, depends on the application.
+     Initial analysis and report was provided by John Hernandez of Casaba 
+     Security via HP SSRT Security Alert.  [Yann Ylavic]
+
   *) apr_atomic: Fix errors when building on Visual Studio 2013 while
      maintaining the ability to build on Visual Studio 6 with Windows
      Server 2003 R2 SDK. PR 57191. [Gregg Smith]
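
Review bot: The new CVE-2015-1829 entry says the extent of the vulnerability "depends on the application" but never names the affected named pipe functions or what the change referenced in the log (r1676015) alters, so a reader of CHANGES cannot tell whether their application is exposed or whether upgrading APR alone is sufficient. Consider adding one sentence that names the affected API and the behaviour change. Two of the added lines (the ones ending "can be " and "Casaba ") carry trailing whitespace, and "Initial analysis and report was provided" would read better as "were provided".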

