Resolved Bugs
1082903 – CVE-2013-5704 httpd: bypass of mod_headers rules via chunked requests
1082908 – CVE-2013-5704 httpd: bypass of mod_headers rules via chunked requests [fedora-all]
1149709 – CVE-2014-3581 httpd: NULL pointer dereference in mod_cache if Content-Type has empty value
1149712 – CVE-2014-3581 httpd: NULL pointer dereference in mod_cache if Content-Type has empty value [fedora-all]
1163555 – CVE-2014-3583 httpd: mod_proxy_fcgi handle_headers() buffer over read
1163556 – CVE-2014-3583 httpd: mod_proxy_fcgi heap-based buffer overflow [fedora-all]<br
– core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704)
– mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581)
– mod_proxy_fcgi: fix a potential crash with long headers (CVE-2014-3583)
– mod_lua: fix handling of the Require line when a LuaAuthzProvider is used in multiple Require directives with different arguments (CVE-2014-8109)