-
Wed Jun 03 2015 Andrey Yutman <andrey.yutman@oracle.com> 2.4.6-25.0.1
- replace index.html with Oracle's index page oracle_index.html
- update vstring in specfile
-
Tue Nov 25 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-25
- Remove mod_proxy_fcgi fix for heap-based buffer overflow,
httpd-2.4.6 is not affected (CVE-2014-3583)
-
Tue Nov 25 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-24
- mod_proxy_wstunnel: Fix the use of SSL with the "wss:" scheme (#1141950)
-
Mon Nov 24 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-23
- core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704)
- mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581)
- mod_proxy_fcgi: fix heap-based buffer overflow (CVE-2014-3583)
-
Fri Jul 18 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-22
- mod_cgid: add security fix for CVE-2014-0231
- mod_proxy: add security fix for CVE-2014-0117
- mod_deflate: add security fix for CVE-2014-0118
- mod_status: add security fix for CVE-2014-0226
- mod_cache: add secutiry fix for CVE-2013-4352
-
Thu Mar 20 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-19
- mod_dav: add security fix for CVE-2013-6438 (#1077885)
- mod_log_config: add security fix for CVE-2014-0098 (#1077885)
-
Wed Feb 05 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-18
- add legacy action scripts and htcacheclean service file,
use syslog for suexec logging (#1061009)
- mod_dav: fix locktoken handling (#1061010)
- mod_ssl: sanity-check use of "SSLCompression" (#1061011)
- mod_ssl: allow SSLEngine to override Listen-based default (#1061016)
-
Fri Jan 10 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-17
- rebuild because of File bug which caused no perl in provides
-
Tue Jan 07 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-16
- don't run posttrans restart if httpd-disable-posttrans exists (#1047097)
- mod_proxy: fix crash in brigade cleanup under high load (#1040448)
- remove "webserver" from provides (#1042877)
-
Tue Nov 26 2013 Joe Orton <jorton@redhat.com> - 2.4.6-15
- fix logs symlink