httpd-cvs mailing list archives

From m..@apache.org
Subject cvs commit: httpd-2.0 CHANGES
Date Tue, 03 Jun 2003 10:44:31 GMT
mjc         2003/06/03 03:44:30

  Modified:    .        CHANGES
  Log:
  Apply missing security fix CHANGELOG entries to head
  
  Revision  Changes    Path
  1.1193    +11 -0     httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.1192
  retrieving revision 1.1193
  diff -u -r1.1192 -r1.1193
  --- CHANGES	1 Jun 2003 15:10:29 -0000	1.1192
  +++ CHANGES	3 Jun 2003 10:44:29 -0000	1.1193
  @@ -143,6 +143,17 @@
   
   Changes with Apache 2.0.46
   
  +  *) SECURITY [CAN-2003-0245]: Fixed a bug causing apr_pvsprintf() to crash 
  +     by sending an overly long string.  This can be triggered remotely 
  +     through mod_dav, mod_ssl, and other mechanisms.  Reported by David
  +     Endler <DEndler@iDefense.com>.
  +     [Joe Orton <jorton@redhat.com>]
  +
  +  *) SECURITY [CAN-2003-0189]: Fixed a denial-of-service vulnerability
  +     affecting basic authentication on Unix platforms related to
  +     thread-safety in apr_password_validate().  The problem was reported
  +     by John Hughes <john.hughes@entegrity.com>.
  +
     *) Fix for mod_dav.  Call the 'can_be_activity' callback, if provided,
        when a MKACTIVITY request comes in.
        [Ben Collins-Sussman <sussman@collab.net>]
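Review bot: The CAN-2003-0189 entry ends without the bracketed contributor line that the CAN-2003-0245 entry above it and the mod_dav entry below it both carry; add the fixer's name in brackets so the entry follows the format of its neighbours. In the CAN-2003-0245 entry, "causing apr_pvsprintf() to crash by sending an overly long string" reads as if apr_pvsprintf() does the sending; wording along the lines of "a bug that allowed an overly long string to crash apr_pvsprintf()" would be clearer. The first two added lines of that entry also end in trailing whitespace.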
  
  
  
