httpd-cvs mailing list archives

From k...@apache.org
Subject cvs commit: httpd-dist Announcement2.html Announcement2.txt
Date Wed, 30 Jun 2004 18:20:31 GMT
kess        2004/06/30 11:20:31

  Modified:    .        Announcement2.html Announcement2.txt
  Log:
  oops, I've overwritten wrowe's changes
  
  Revision  Changes    Path
  1.46      +8 -4      httpd-dist/Announcement2.html
  
  Index: Announcement2.html
  ===================================================================
  RCS file: /home/cvs/httpd-dist/Announcement2.html,v
  retrieving revision 1.45
  retrieving revision 1.46
  diff -u -r1.45 -r1.46
  --- Announcement2.html	30 Jun 2004 18:10:06 -0000	1.45
  +++ Announcement2.html	30 Jun 2004 18:20:30 -0000	1.46
  @@ -33,12 +33,16 @@
   
   <p>A remotely triggered memory leak in http header parsing can allow a
      denial of service attack due to excessive memory consumption.<br>
  -   <code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493">CAN-2004-0493</a>]</code></p>
  +   <code>[<a
  +   href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493"
  +   >CAN-2004-0493</a>]</code></p>
   
   
  -<p>A SSL client certificate subject DN with more than 6K length could 
  -   produce a buffer overflow in the FakeBasicAuth code.<br>
  -   <code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488">CAN-2004-0488</a>]</code></p>
  +<p>Fixes a mod_ssl buffer overflow in the FakeBasicAuth code for a
  +   (trusted) client certificate subject DN which exceeds 6K in length.<br>
  +   <code>[<a 
  +   href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488"
  +   >CAN-2004-0488</a>]</code></p>
   
   
   <p>This release is compatible with modules compiled for 2.0.42 and later
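
Review bot: the rewritten CAN-2004-0488 paragraph opens with "Fixes a mod_ssl buffer overflow ..." while the CAN-2004-0493 paragraph directly above it still describes the flaw itself ("A remotely triggered memory leak ... can allow a denial of service attack"), so the two advisory entries now read in different voices; use one form for both. Separately, the CAN-2004-0493 link is only re-wrapped across three lines here, with no change to the href or the link text, and the new `<code>[<a ` line in the CAN-2004-0488 entry ends with a trailing space that the matching line in the first entry does not have. Drop the trailing space, and consider keeping the whitespace-only re-wrap out of the commit that restores the wording.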
  
  
  
  1.41      +2 -2      httpd-dist/Announcement2.txt
  
  Index: Announcement2.txt
  ===================================================================
  RCS file: /home/cvs/httpd-dist/Announcement2.txt,v
  retrieving revision 1.40
  retrieving revision 1.41
  diff -u -r1.40 -r1.41
  --- Announcement2.txt	30 Jun 2004 18:10:06 -0000	1.40
  +++ Announcement2.txt	30 Jun 2004 18:20:30 -0000	1.41
  @@ -17,8 +17,8 @@
        denial of service attack due to excessive memory consumption.
        [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493]
   
  -     A SSL client certificate subject DN with more than 6K length could 
  -     produce a buffer overflow in the FakeBasicAuth code.
  +     Fixes a mod_ssl buffer overflow in the FakeBasicAuth code for a
  +     (trusted) client certificate subject DN which exceeds 6K in length.
        [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488]
    
      This release is compatible with modules compiled for 2.0.42 and later
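
Review bot: "(trusted)" in the added line carries the precondition readers need to judge their exposure, but as a bare parenthetical it does not say who trusts the certificate or why that matters; state it in full, for example that the overlong subject DN has to arrive in a client certificate the server accepts. "exceeds 6K in length" also gives no unit; name it so administrators can compare it against the certificates they issue. The plain-text entry has the same "Fixes a ..." opening as the HTML version, which differs from the description-style entry above it ("denial of service attack due to excessive memory consumption").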
  
  
  
