httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From m..@apache.org
Subject cvs commit: httpd-2.0 CHANGES
Date Tue, 03 Jun 2003 10:38:17 GMT
mjc         2003/06/03 03:38:17

  Modified:    .        Tag: APACHE_2_0_BRANCH CHANGES
  Log:
  We can talk about this issue now
  
  Revision  Changes    Path
  No                   revision
  No                   revision
  1.988.2.117 +5 -6      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.988.2.116
  retrieving revision 1.988.2.117
  diff -u -r1.988.2.116 -r1.988.2.117
  --- CHANGES	31 May 2003 21:54:07 -0000	1.988.2.116
  +++ CHANGES	3 Jun 2003 10:38:14 -0000	1.988.2.117
  @@ -9,12 +9,11 @@
   
   Changes with Apache 2.0.46
   
  -  *) SECURITY [CAN-2003-0245]: Fixed a bug that could be triggered
  -     remotely through mod_dav and possibly other mechanisms, causing
  -     an Apache child process to crash.  The crash was first reported
  -     by David Endler <DEndler@iDefense.com> and was researched and
  -     fixed by Joe Orton <jorton@redhat.com>.  Details will be released
  -     on 30 May 2003.
  +  *) SECURITY [CAN-2003-0245]: Fixed a bug causing apr_pvsprintf() to crash 
  +     by sending an overly long string.  This can be triggered remotely 
  +     through mod_dav, mod_ssl, and other mechanisms.  Reported by David
  +     Endler <DEndler@iDefense.com>.
  +     [Joe Orton <jorton@redhat.com>]
   
     *) SECURITY [CAN-2003-0189]: Fixed a denial-of-service vulnerability
        affecting basic authentication on Unix platforms related to
  
  
  

Mime
View raw message