httpd-cvs mailing list archives

From sl...@apache.org
Subject cvs commit: httpd-site/docs index.html
Date Thu, 01 Jul 2004 14:21:38 GMT
slive       2004/07/01 07:21:38

  Modified:    xdocs    index.xml
               docs     index.html
  Log:
  Remove the old cookie bug stuff and correct the
  number of security issues.
  
  Revision  Changes    Path
  1.59      +1 -33     httpd-site/xdocs/index.xml
  
  Index: index.xml
  ===================================================================
  RCS file: /home/cvs/httpd-site/xdocs/index.xml,v
  retrieving revision 1.58
  retrieving revision 1.59
  diff -u -d -b -u -r1.58 -r1.59
  --- index.xml	30 Jun 2004 23:23:27 -0000	1.58
  +++ index.xml	1 Jul 2004 14:21:37 -0000	1.59
  @@ -37,38 +37,6 @@
   your downloads using PGP or MD5 signatures!</p>
   </section>
   
  -<section id="bugnotice">
  -<title>Important Bug Workaround for 2.0.48 and 1.3.29</title>
  -
  -<p>If you use mod_usertrack with the default
  -<a href="http://httpd.apache.org/docs-2.0/mod/mod_usertrack.html#cookiename">CookieName</a>
(ie, there is no CookieName directive in your config file), then
  -you will encounter a bug in 2.0.48 and 1.3.29.
  -</p>
  -
  -<p>The patch that was added to these versions to help prevent false-positive
  -matches of the CookieName did not take into account this case, and therefore
  -the regular expression that is now used in the matching process will be NULL
  -if no CookieName directive was encountered.</p>
  -
  -<p>This problem has been fixed in both 2.0.49 and 1.3.31.
  -As a simple workaround in 2.0.48 and 1.3.29, simply add the
  -line:
  -</p>
  -
  -<p><b><code>CookieName Apache</code></b></p>
  -
  -<p>
  -to your config file.  While you're at it, you could pick a more
  -meaningful cookie name than "Apache", but any cookie name will do.
  -</p>
  -
  -<p>
  -For more details, please see
  -<a href="http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24483">PR#24483</a>
  -in the bug database.
  -</p>
  -</section>
  -
   <section id="2.0.50">
   <title>Apache 2.0.50 Released</title>
   
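
Review bot: Dropping the whole `<section id="bugnotice">` block removes the `CookieName Apache` workaround and the PR#24483 link from the front page, while the notice itself says only 2.0.49 and 1.3.31 carry the fix. Sites still running 2.0.48 or 1.3.29 lose the pointer, so confirm the workaround stays reachable elsewhere (for example from the mod_usertrack documentation the notice links to) before deleting it here, or leave a one-line pointer to PR#24483.
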
  @@ -80,7 +48,7 @@
   </p>
   
   <p>This version of Apache is principally a bug fix release.  Of particular
  -   note is that 2.0.50 addresses one security vulnerability:</p>
  +   note is that 2.0.50 addresses two security vulnerabilities:</p>
   
   <p>A remotely triggered memory leak in http header parsing can allow a
      denial of service attack due to excessive memory consumption.<br/>
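
Review bot: The changed line now says "two security vulnerabilities", but this hunk adds no second description and the visible context shows only the header-parsing memory leak. Confirm that the text following this context already lists the second issue. Since the log says this commit corrects the number, consider wording that carries no count (such as "addresses the following security vulnerabilities") so the sentence cannot drift from the list again.
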
  
  
  
  1.81      +1 -34     httpd-site/docs/index.html
  
  Index: index.html
  ===================================================================
  RCS file: /home/cvs/httpd-site/docs/index.html,v
  retrieving revision 1.80
  retrieving revision 1.81
  diff -u -d -b -u -r1.80 -r1.81
  --- index.html	30 Jun 2004 23:23:27 -0000	1.80
  +++ index.html	1 Jul 2004 14:21:38 -0000	1.81
  @@ -94,39 +94,6 @@
              <table border="0" cellspacing="0" cellpadding="2" width="100%">
    <tr><td bgcolor="#525D76">
     <font color="#ffffff" face="arial,helvetica,sanserif">
  -   <a name="bugnotice"><strong>Important Bug Workaround for 2.0.48 and 1.3.29</strong></a>
  -  </font>
  - </td></tr>
  - <tr><td>
  -  <blockquote>
  -<p>If you use mod_usertrack with the default
  -<a href="http://httpd.apache.org/docs-2.0/mod/mod_usertrack.html#cookiename">CookieName</a>
(ie, there is no CookieName directive in your config file), then
  -you will encounter a bug in 2.0.48 and 1.3.29.
  -</p>
  -<p>The patch that was added to these versions to help prevent false-positive
  -matches of the CookieName did not take into account this case, and therefore
  -the regular expression that is now used in the matching process will be NULL
  -if no CookieName directive was encountered.</p>
  -<p>This problem has been fixed in both 2.0.49 and 1.3.31.
  -As a simple workaround in 2.0.48 and 1.3.29, simply add the
  -line:
  -</p>
  -<p><b><code>CookieName Apache</code></b></p>
  -<p>
  -to your config file.  While you're at it, you could pick a more
  -meaningful cookie name than "Apache", but any cookie name will do.
  -</p>
  -<p>
  -For more details, please see
  -<a href="http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24483">PR#24483</a>
  -in the bug database.
  -</p>
  -  </blockquote>
  - </td></tr>
  -</table>
  -           <table border="0" cellspacing="0" cellpadding="2" width="100%">
  - <tr><td bgcolor="#525D76">
  -  <font color="#ffffff" face="arial,helvetica,sanserif">
      <a name="2.0.50"><strong>Apache 2.0.50 Released</strong></a>
     </font>
    </td></tr>
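
Review bot: The first removed line deletes the `<a name="bugnotice">` anchor, so any existing link to index.html#bugnotice will now land at the top of the page with no explanation. If inbound links matter, keep an empty named anchor near the 2.0.50 heading or point readers to PR#24483. The surviving context lines still open and close the table, row, cell and font elements around `<a name="2.0.50">`, so the markup stays balanced after the removal.
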
  @@ -138,7 +105,7 @@
   <a href="http://www.apache.org/dist/httpd/Announcement2.html.de">here</a>)
   </p>
   <p>This version of Apache is principally a bug fix release.  Of particular
  -   note is that 2.0.50 addresses one security vulnerability:</p>
  +   note is that 2.0.50 addresses two security vulnerabilities:</p>
   <p>A remotely triggered memory leak in http header parsing can allow a
      denial of service attack due to excessive memory consumption.<br />
      <code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493">CAN-2004-0493</a>]</code></p>
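
Review bot: Only CAN-2004-0493 is visible under the new "two security vulnerabilities" sentence in this hunk's context. Check that the second entry further down carries its own CAN reference in the same `<code>[...]</code>` form, so a reader can match both issues to an identifier.
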
  
  
  
