vulnerabilities-httpd.xml

Checkout Tools
  • last updated 1 hour ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Remove a stray fixme.

Missing date and affects

Another mistake

Actually these were fixed in 2.4.41

Fix mistake in html

Merge new vulnerability info

Fix the vulnerable versions to match our announcement for CVE-2019-0196

Update with latest batch of vulnerabilities
Missing update to vulns-xml

Add notes for CVE-2018-11763
Remove affects 2.4.30 as that was an unreleased version (noticed by Tomas Hoger)

Add missing details for CVE-2016-4975 which was mitigated by other changes

We got some questions about http/2 support, clarify

add 2.3.34 vulns that were fixed
Since 2.4.30 was never released we really ought to show that 2.4.33 which was the first release

with these fixes was the fixed version

Update the vulnerability XML to have one CVE per issue which means altering the

way we specify which issues are affected and merging the descriptions and vulnerable

versions. This will allow us to reuse the XML to generate our mailing list announcements

and Mitre JSON submission and be future proof to work for future major parallel releases.

Also cleanup the httpd xml a little replacing any dead links, upgrading links to https from

http.

We still generate the 2.2 page (and should generate the 2.0 and 1.3 legacy ones too) so

note in big letters that it's unsupported now

  1. … 2 more files in changeset.
There is no level medium so align to our published defined levels, and fix a couple of older bad indexes into the severity level
Match vulnerabilites' release date with doap's.
  1. … 1 more file in changeset.
Update security vulnerabitities' page for 2.4.30-33.
Prepare to announce, mirrors are long synced
  1. … 3 more files in changeset.
Correct link
Record CVE-2017-9798
copy markup fix from r1803119 to 2.2 entry

Clean up odd nesting effects observed in Chrome

Clean up odd nesting effects observed in Chrome
Touch to force regen of html
Announce vulnerabilites
Split another entry that has long been missing from the website for 2.2
Cleaner split of 2.4 from 2.2 in vulnerability table, tie 2.2 to .34 release
vulns: add CVE descriptions for the 2.4.26 release
Honor equest for less specific individual credit