httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject cvs commit: apache-1.3/src CHANGES
Date Sat, 27 Jun 1998 17:58:41 GMT
brian       98/06/27 10:58:40

  Modified:    src      CHANGES
  All those who submit code towards a problem, not just the final integrator
  (despite any amount of rework) should be credited.
  Revision  Changes    Path
  1.935     +2 -2      apache-1.3/src/CHANGES
  Index: CHANGES
  RCS file: /export/home/cvs/apache-1.3/src/CHANGES,v
  retrieving revision 1.934
  retrieving revision 1.935
  diff -u -r1.934 -r1.935
  --- CHANGES	1998/06/27 17:24:06	1.934
  +++ CHANGES	1998/06/27 17:58:38	1.935
  @@ -5,7 +5,7 @@
     *) Win32 (security): Eliminate trailing "."s in path components. These are
        ignored by the Windows filesystem, and so can be used to bypass security.
  -	 [Ben Laurie, Alexei Kosut].
  +	 [Ben Laurie, Alexei Kosut, W G Stoddard].
     *) We now attempt to dump core when we get SIGILL. [Jim Jagielski]
  @@ -23,7 +23,7 @@
     *) Win32 (security): Eliminate directories consisting of three or more dots;
        these are treated by Win32 as if they are ".." but are not detected by
        other machinery within Apache. This is something of a kludge but
  -     eliminates a security hole. [Ben Laurie]
  +     eliminates a security hole. [W G Stoddard, Ben Laurie]
     *) Move ap_escape_quotes() from src/ap to src/main/util.c; it uses
        pools and thus pollutes libap (until the pool stuff is moved there).

View raw message