Security release 0.8.1.
This commit is contained in:
parent
013faf8d08
commit
36e9738fde
16
NEWS
16
NEWS
|
@ -1,3 +1,19 @@
|
|||
Version 0.8.1
|
||||
---------------------------------------------------------------------------
|
||||
|
||||
This is a security release with fixes backported from version 0.9.1.
|
||||
|
||||
It turned out that session overflow bugs fixes in version 0.9.0 and
|
||||
0.9.1 can lead to information disclosure, where data from one session
|
||||
is leaked to another session. Depending on how this data is used by the
|
||||
web application, this may lead to data from one session being disclosed
|
||||
to an user in a different session. (CVE-2014-8566)
|
||||
|
||||
In addition to the information disclosure, this release contains some
|
||||
fixes for logout processing, where logout requests would crash the
|
||||
Apache web server. (CVE-2014-8567)
|
||||
|
||||
|
||||
Version 0.8.0
|
||||
---------------------------------------------------------------------------
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
AC_INIT([mod_auth_mellon],[0.8.0],[olav.morken@uninett.no])
|
||||
AC_INIT([mod_auth_mellon],[0.8.1],[olav.morken@uninett.no])
|
||||
|
||||
# We require support for C99.
|
||||
AC_PROG_CC_C99
|
||||
|
|
Loading…
Reference in New Issue