Security release 0.8.1.

olavmo-sikt · olavmo-sikt · commit 36e9738fde1a · 2014-11-03T12:00:05.000+01:00
diff --git a/NEWS b/NEWS
@@ -1,3 +1,19 @@
+Version 0.8.1
+---------------------------------------------------------------------------
+
+This is a security release with fixes backported from version 0.9.1.
+
+It turned out that session overflow bugs fixes in version 0.9.0 and
+0.9.1 can lead to information disclosure, where data from one session
+is leaked to another session. Depending on how this data is used by the
+web application, this may lead to data from one session being disclosed
+to an user in a different session. (CVE-2014-8566)
+
+In addition to the information disclosure, this release contains some
+fixes for logout processing, where logout requests would crash the
+Apache web server. (CVE-2014-8567)
+
+
 Version 0.8.0
 ---------------------------------------------------------------------------
 
diff --git a/configure.ac b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT([mod_auth_mellon],[0.8.0],[olav.morken@uninett.no])
+AC_INIT([mod_auth_mellon],[0.8.1],[olav.morken@uninett.no])
 
 # We require support for C99.
 AC_PROG_CC_C99

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-AC_INIT([mod_auth_mellon],[0.8.0],[[email protected]])`
	`1`	`+AC_INIT([mod_auth_mellon],[0.8.1],[[email protected]])`
`2`	`2`
`3`	`3`	`# We require support for C99.`
`4`	`4`	`AC_PROG_CC_C99`