httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From wr...@apache.org
Subject cvs commit: httpd-dist Announcement2.txt
Date Wed, 30 Jun 2004 15:09:50 GMT
wrowe       2004/06/30 08:09:50

  Modified:    .        Announcement2.txt
  Log:
    Not one but two, third apparently is 1.3 only and 2.0 wasn't affected.
    Not HTML-ified
  
  Revision  Changes    Path
  1.39      +5 -1      httpd-dist/Announcement2.txt
  
  Index: Announcement2.txt
  ===================================================================
  RCS file: /home/cvs/httpd-dist/Announcement2.txt,v
  retrieving revision 1.38
  retrieving revision 1.39
  diff -u -r1.38 -r1.39
  --- Announcement2.txt	29 Jun 2004 01:39:46 -0000	1.38
  +++ Announcement2.txt	30 Jun 2004 15:09:49 -0000	1.39
  @@ -8,11 +8,15 @@
   
      This version of Apache is principally a bug fix release.  A summary of
      the bug fixes is given at the end of this document.  Of particular
  -   note is that 2.0.50 addresses one security vulnerability:
  +   note is that 2.0.50 addresses two security vulnerabilities:
   
      A remotely triggered memory leak in http header parsing can allow a
      denial of service attack due to excessive memory consumption.
      [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493]
  +
  +   Fixes a mod_ssl buffer overflow in the FakeBasicAuth code for a
  +   (trusted) client certificate subject DN which exceeds 6K in length.
  +   [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488]
   
      This release is compatible with modules compiled for 2.0.42 and later
      versions.  We consider this release to be the best version of Apache
  
  
  

Mime
View raw message