httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jerenkra...@apache.org
Subject cvs commit: httpd-2.0 CHANGES
Date Wed, 28 May 2003 04:50:17 GMT
jerenkrantz    2003/05/27 21:50:17

  Modified:    .        Tag: APACHE_2_0_BRANCH CHANGES
  Log:
  Add the two security notes (fixes are in apr and apr-util).
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.988.2.114 +11 -8     httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.988.2.113
  retrieving revision 1.988.2.114
  diff -u -u -r1.988.2.113 -r1.988.2.114
  --- CHANGES	27 May 2003 23:45:11 -0000	1.988.2.113
  +++ CHANGES	28 May 2003 04:50:15 -0000	1.988.2.114
  @@ -1,13 +1,16 @@
  -Changes with Apache 2.0.47
  -
  -  *) mod_negotiation: Introduce "prefer-language" environment variable,
  -     which allows to influence the negotiation process on request basis
  -     to prefer a certain language.  [André Malo]
  +Changes with Apache 2.0.46
   
  -  *) Make mod_expires' ExpiresByType work properly, including for
  -     dynamically-generated documents.  [Ken Coar]
  +  *) SECURITY [CAN-2003-0245]: Fixed a bug that could be triggered
  +     remotely through mod_dav and possibly other mechanisms, causing
  +     an Apache child process to crash.  The crash was first reported
  +     by David Endler <DEndler@iDefense.com> and was researched and
  +     fixed by Joe Orton <jorton@redhat.com>.  Details will be released
  +     on 30 May 2003.
   
  -Changes with Apache 2.0.46
  +  *) SECURITY [CAN-2003-0189]: Fixed a denial-of-service vulnerability
  +     affecting basic authentication on Unix platforms related to
  +     thread-safety in apr_password_validate().  The problem was reported
  +     by John Hughes <john.hughes@entegrity.com>.
   
     *) Fix for mod_dav.  Call the 'can_be_activity' callback, if provided,
        when a MKACTIVITY request comes in.
  
  
  

Mime
View raw message