author: Jim Jagielski <jim@apache.org> 2012-03-08 16:10:51 +0000
committer: Jim Jagielski <jim@apache.org> 2012-03-08 16:10:51 +0000
commit: a66939f8049cfdfe68447cba43b1912ba1589b2a
tree: 2c138ee8213bf4339c61590ef645c628f14f1e59 /CHANGES
parent: d81fdd8ce764dcc94eb81e0fb8f7153a0821c5b1
Merge r1296428 from trunk:

Fix insecure handling of LD_LIBRARY_PATH that could lead to the current working directory to be searched for DSOs

CVE-2012-0883

Submitted by: sf
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1298453 13f79535-47bb-0310-9956-ffa450edef68

Diffstat (limited to 'CHANGES')
-rw-r--r-- CHANGES 4
1 files changed, 4 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index bea7ade6b1..2d7f631bfe 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,10 @@
Changes with Apache 2.4.2
+ *) SECURITY: CVE-2012-0883 (cve.mitre.org)
+ envvars: Fix insecure handling of LD_LIBRARY_PATH that could lead to the
+ current working directory to be searched for DSOs. [Stefan Fritsch]
+
*) mod_xml2enc: Fix broken handling of EOS buckets which could lead to
response headers not being sent. PR 52766. [Stefan Fritsch]
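
Review bot: The new entry (the three added lines under "Changes with Apache 2.4.2") says the current working directory could be searched for DSOs but does not say under what condition, so an administrator who maintains a locally edited envvars cannot tell from CHANGES whether their own copy needs the same correction; consider naming the trigger in the entry. Wording nit on the same lines: "could lead to the current working directory to be searched" reads better as "could lead to the current working directory being searched". This view is limited to CHANGES, so the envvars change itself is not visible here and cannot be checked against the description.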