httpd-cvs mailing list archives

From stodd...@apache.org
Subject cvs commit: apache-1.3/src CHANGES
Date Fri, 19 Apr 2002 18:37:05 GMT
stoddard    02/04/19 11:37:05

  Modified:    src      CHANGES
  Log:
  Flag this a bit more clearly as a security issue...
  
  Revision  Changes    Path
  1.1808    +2 -1      apache-1.3/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/CHANGES,v
  retrieving revision 1.1807
  retrieving revision 1.1808
  diff -u -r1.1807 -r1.1808
  --- CHANGES	19 Apr 2002 11:15:18 -0000	1.1807
  +++ CHANGES	19 Apr 2002 18:37:05 -0000	1.1808
  @@ -34,7 +34,8 @@
     *) Fixed a segfault in mod_include when #if, #elif, #else, or #endif
        directives were improperly terminated.  [Cliff Woolley]
   
  -  *) Introduce proper escaping of command.com and cmd.exe for Win32.
  +  *) Win32 Security: CAN-2002-0061
  +     Introduce proper escaping of command.com and cmd.exe for Win32.
        These patches close vulnerability CAN-2002-0061, identified and
        reported by Ory Segal <ory.segal@sanctuminc>, by which any CGI
        invocation of .bat or .cmd files could compromise the system 
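
Review bot: the added heading line "Win32 Security: CAN-2002-0061" makes the entry name the identifier twice, because the unchanged sentence two lines below still reads "These patches close vulnerability CAN-2002-0061". With the heading in place, that sentence could be shortened to "These patches close the vulnerability, identified and reported by ..." so the identifier appears once, in the position a reader scanning CHANGES for security fixes will see first. The rest of the entry text is untouched by this revision, which matches the +2 -1 count in the log.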
  
  
  
