httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From m..@apache.org
Subject cvs commit: httpd-2.0 CHANGES
Date Fri, 04 Oct 2002 09:08:47 GMT
mjc         2002/10/04 02:08:47

  Modified:    .        CHANGES
  Log:
  This is worthy of a CVE name, thanks to Joe for the headsup and text
  Obtained from: Joe Orton
  
  Revision  Changes    Path
  1.950     +3 -2      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.949
  retrieving revision 1.950
  diff -u -r1.949 -r1.950
  --- CHANGES	3 Oct 2002 18:15:33 -0000	1.949
  +++ CHANGES	4 Oct 2002 09:08:46 -0000	1.950
  @@ -34,8 +34,9 @@
        could lead to an infinite loop.  PR 12705  
        [amund.elstad@ergo.no (Amund Elstad), Jeff Trawick]
   
  -  *) SECURITY: Allow POST requests and CGI scripts to work when DAV 
  -     is enabled on the location.  [Ryan Bloom]
  +  *) SECURITY: CAN-2002-1156 (cve.mitre.org)
  +      Fix the exposure of CGI source when a POST request is sent to 
  +      a location where both DAV and CGI are enabled. [Ryan Bloom]
   
     *) Allow the UserDir directive to accept a list of directories.
        This matches what Apache 1.3 does.  Also add documentation for
  
  
  

Mime
View raw message