httpd-cvs mailing list archives

From sl...@apache.org
Subject cvs commit: httpd-site/xdocs download.xml index.xml
Date Wed, 15 Sep 2004 15:17:26 GMT
slive       2004/09/15 08:17:26

  Modified:    docs     download.html index.html
               xdocs    download.xml index.xml
  Log:
  2.0.51 Release info to website.
  
  Revision  Changes    Path
  1.58      +21 -20    httpd-site/docs/download.html
  
  Index: download.html
  ===================================================================
  RCS file: /home/cvs/httpd-site/docs/download.html,v
  retrieving revision 1.57
  retrieving revision 1.58
  diff -u -d -u -r1.57 -r1.58
  --- download.html	30 Jun 2004 23:10:13 -0000	1.57
  +++ download.html	15 Sep 2004 15:17:23 -0000	1.58
  @@ -108,17 +108,12 @@
    <tr><td bgcolor="#828DA6">
     <font color="#ffffff" face="arial,helvetica,sanserif">
      <a name="apache20"><strong>Apache
  -2.0.50 is the best available version</strong></a>
  +2.0.51 is the best available version</strong></a>
     </font>
    </td></tr>
    <tr><td>
     <blockquote>
  -<p>This release fixes security problems described in
  -   <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493">
  -   CAN-2004-0493</a> and
  -   <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488">
  -   CAN-2004-0488</a>.  It also contains bug fixes and some new features.
  -   For details see the <a href="http://www.apache.org/dist/httpd/Announcement2.html">Official
  +<p>For details see the <a href="http://www.apache.org/dist/httpd/Announcement2.html">Official
      Announcement</a> and the <a href="[preferred]/httpd/CHANGES_2.0">CHANGES_2.0</a>
list.</p>
   <p>Apache 2.0 add-in modules are not compatible with Apache 1.3 modules.
      If you are running third party add-in modules, you will need to obtain
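Review bot: The replacement paragraph that now starts at "For details see the" drops the sentence saying the release fixes security problems, and nothing takes its place. The index page updated in this same commit says 2.0.51 addresses five security vulnerabilities, so the download page should keep a one-line statement that 2.0.51 is a security release and link the five CAN entries, so that readers who land here directly see a reason to upgrade.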
  @@ -127,27 +122,33 @@
   <ul>
   
   <li>Unix Source: 
  -<a href="[preferred]/httpd/httpd-2.0.50.tar.gz">httpd-2.0.50.tar.gz</a> 
  -[<a href="http://www.apache.org/dist/httpd/httpd-2.0.50.tar.gz.asc">PGP</a>]
  -[<a href="http://www.apache.org/dist/httpd/httpd-2.0.50.tar.gz.md5">MD5</a>]</li>
  +<a href="[preferred]/httpd/httpd-2.0.51.tar.gz">httpd-2.0.51.tar.gz</a> 
  +[<a href="http://www.apache.org/dist/httpd/httpd-2.0.51.tar.gz.asc">PGP</a>]
  +[<a href="http://www.apache.org/dist/httpd/httpd-2.0.51.tar.gz.md5">MD5</a>]</li>
   
   <li>Unix Source: 
  -<a href="[preferred]/httpd/httpd-2.0.50.tar.Z">httpd-2.0.50.tar.Z</a> 
  -[<a href="http://www.apache.org/dist/httpd/httpd-2.0.50.tar.Z.asc">PGP</a>]
  -[<a href="http://www.apache.org/dist/httpd/httpd-2.0.50.tar.Z.md5">MD5</a>]</li>
  +<a href="[preferred]/httpd/httpd-2.0.51.tar.Z">httpd-2.0.51.tar.Z</a> 
  +[<a href="http://www.apache.org/dist/httpd/httpd-2.0.51.tar.Z.asc">PGP</a>]
  +[<a href="http://www.apache.org/dist/httpd/httpd-2.0.51.tar.Z.md5">MD5</a>]</li>
  +
  +<li>Win32 release not yet available</li>
  +
  +<!--
   
   <li>Win32 Source:
  -<a href="[preferred]/httpd/httpd-2.0.50-win32-src.zip">httpd-2.0.50-win32-src.zip</a>

  -[<a href="http://www.apache.org/dist/httpd/httpd-2.0.50-win32-src.zip.asc">PGP</a>]
  -[<a href="http://www.apache.org/dist/httpd/httpd-2.0.50-win32-src.zip.md5">MD5</a>]
  +<a href="[preferred]/httpd/httpd-2.0.51-win32-src.zip">httpd-2.0.51-win32-src.zip</a>

  +[<a href="http://www.apache.org/dist/httpd/httpd-2.0.51-win32-src.zip.asc">PGP</a>]
  +[<a href="http://www.apache.org/dist/httpd/httpd-2.0.51-win32-src.zip.md5">MD5</a>]
   </li>
   
   <li>Win32 Binary (MSI Installer): 
  -<a href="[preferred]/httpd/binaries/win32/apache_2.0.50-win32-x86-no_ssl.msi">apache_2.0.50-win32-x86-no_ssl.msi</a>
  -[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.0.50-win32-x86-no_ssl.msi.asc">PGP</a>]
  -[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.0.50-win32-x86-no_ssl.msi.md5">MD5</a>]
  +<a href="[preferred]/httpd/binaries/win32/apache_2.0.51-win32-x86-no_ssl.msi">apache_2.0.51-win32-x86-no_ssl.msi</a>
  +[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.0.51-win32-x86-no_ssl.msi.asc">PGP</a>]
  +[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.0.51-win32-x86-no_ssl.msi.md5">MD5</a>]
   </li>
   
  +-->
  +
   <li><a href="[preferred]/httpd/">Other files</a></li>
   
   </ul>
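Review bot: With "<li>Win32 release not yet available</li>" added and the Win32 source and MSI entries moved inside the comment, Windows users are left with no download link for any 2.0.x build. Consider keeping the 2.0.50 Win32 entries visible, marked as the previous release, until the 2.0.51 files exist. The commented-out block has also already been bumped to 2.0.51 file names; whoever removes the comment markers needs to confirm those files and their .asc and .md5 companions are actually on the dist server first.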
  @@ -226,7 +227,7 @@
   % gpg --verify apache_1.3.24.tar.gz.asc
   </code></p>
   <ul>
  -<li>httpd-2.0.50.tar.gz is signed by Sander Striker <code>DE885DD3</code></li>
  +<li>httpd-2.0.51.tar.gz is signed by Sander Striker <code>DE885DD3</code></li>
   <li>httpd-1.3.31.tar.gz is signed by Jim Jagielski <code>08C975E5</code></li>
   </ul>
   <p>Alternatively, you can verify the MD5 signature on the files.  A
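Review bot: The signer line for httpd-2.0.51.tar.gz identifies the key only by the 8-hex-digit short ID DE885DD3. Short IDs can collide, so a reader cannot tell from this page alone that they fetched the right key; publish the full fingerprint here or point to the project's KEYS file. The gpg example in the context line above still uses apache_1.3.24.tar.gz.asc, which matches neither version in the signer list; worth updating to a current file name while touching this section.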
  
  
  
  1.83      +22 -17    httpd-site/docs/index.html
  
  Index: index.html
  ===================================================================
  RCS file: /home/cvs/httpd-site/docs/index.html,v
  retrieving revision 1.82
  retrieving revision 1.83
  diff -u -d -u -r1.82 -r1.83
  --- index.html	1 Jul 2004 17:16:36 -0000	1.82
  +++ index.html	15 Sep 2004 15:17:23 -0000	1.83
  @@ -94,30 +94,35 @@
              <table border="0" cellspacing="0" cellpadding="2" width="100%">
    <tr><td bgcolor="#525D76">
     <font color="#ffffff" face="arial,helvetica,sanserif">
  -   <a name="2.0.50"><strong>Apache 2.0.50 Released</strong></a>
  +   <a name="2.0.51"><strong>Apache 2.0.51 Released</strong></a>
     </font>
    </td></tr>
    <tr><td>
     <blockquote>
   <p>The Apache HTTP Server Project is proud to <a href="http://www.apache.org/dist/httpd/Announcement2.html">announce</a>
the
  -release of version 2.0.50 of the Apache HTTP Server ("Apache").
  -(translations are available for 
  -<a href="http://www.apache.org/dist/httpd/Announcement2.html.de">German</a>
  -and
  -<a href="http://www.apache.org/dist/httpd/Announcement2.html.ja">Japanese</a>
  -language)
  -</p>
  -<p>This version of Apache is principally a bug fix release.  Of particular
  -   note is that 2.0.50 addresses two security vulnerabilities:</p>
  -<p>A remotely triggered memory leak in http header parsing can allow a
  -   denial of service attack due to excessive memory consumption.<br />
  -   <code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493">CAN-2004-0493</a>]</code></p>
  -<p>Fixes a mod_ssl buffer overflow in the FakeBasicAuth code for a
  -   (trusted) client certificate subject DN which exceeds 6K in length.<br />
  -   <code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488">CAN-2004-0488</a>]</code></p>
  +release of version 2.0.51 of the Apache HTTP Server ("Apache").</p>
  +<p>This version of Apache is principally a bug fix release.  Of
  +   particular note is that 2.0.51 addresses five security
  +   vulnerabilities:</p>
  +<p>An input validation issue in IPv6 literal address parsing which
  +   can result in a negative length parameter being passed to memcpy.<br />
  +   <code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0786">CAN-2004-0786</a>]</code></p>
  +<p>A buffer overflow in configuration file parsing could allow a
  +   local user to gain the privileges of a httpd child if the server
  +   can be forced to parse a carefully crafted .htaccess file.<br />
  +   <code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0747">CAN-2004-0747</a>]</code></p>
  +<p>A segfault in mod_ssl which can be triggered by a malicious
  +   remote server, if proxying to SSL servers has been configured.<br />
  +   <code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751">CAN-2004-0751</a>]</code></p>
  +<p>A potential infinite loop in mod_ssl which could be triggered 
  +   given particular timing of a connection abort.<br />
  +   <code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0748">CAN-2004-0748</a>]</code></p>
  +<p>A segfault in mod_dav_fs which can be remotely triggered by an
  +   indirect lock refresh request.<br />
  +   <code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0809">CAN-2004-0809</a>]</code></p>
   <p>For further details, see the <a href="http://www.apache.org/dist/httpd/Announcement2.html">announcement</a>.</p>
   <p align="center">
  -<a href="download.cgi">Download</a> | 
  +<a href="download.cgi?update=200409150645">Download</a> | 
   <a href="docs-2.0/new_features_2_0.html">New Features in Apache 2.0</a> |
   <a href="http://www.apache.org/dist/httpd/CHANGES_2.0.50">ChangeLog for 2.0.50</a>
|
   <a href="http://www.apache.org/dist/httpd/CHANGES_2.0">ChangeLog for 2.0</a>
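Review bot: The link row at the bottom of this hunk still reads "ChangeLog for 2.0.50" and points at CHANGES_2.0.50, although the heading and text above now announce 2.0.51. Update that unchanged line to the 2.0.51 change log, or drop it and rely on the CHANGES_2.0 link next to it. The German and Japanese announcement links were also removed without replacement; if that is because the translations are not ready yet, say so in the commit log.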
  
  
  
  1.52      +21 -20    httpd-site/xdocs/download.xml
  
  Index: download.xml
  ===================================================================
  RCS file: /home/cvs/httpd-site/xdocs/download.xml,v
  retrieving revision 1.51
  retrieving revision 1.52
  diff -u -d -u -r1.51 -r1.52
  --- download.xml	30 Jun 2004 23:10:13 -0000	1.51
  +++ download.xml	15 Sep 2004 15:17:25 -0000	1.52
  @@ -55,14 +55,9 @@
   
   
   <section id="apache20"><title>Apache
  -2.0.50 is the best available version</title>
  +2.0.51 is the best available version</title>
   
  -<p>This release fixes security problems described in
  -   <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493">
  -   CAN-2004-0493</a> and
  -   <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488">
  -   CAN-2004-0488</a>.  It also contains bug fixes and some new features.
  -   For details see the <a
  +<p>For details see the <a
      href="http://www.apache.org/dist/httpd/Announcement2.html">Official
      Announcement</a> and the <a
      href="[preferred]/httpd/CHANGES_2.0">CHANGES_2.0</a> list.</p>
  @@ -75,27 +70,33 @@
   <ul>
   
   <li>Unix Source: 
  -<a href="[preferred]/httpd/httpd-2.0.50.tar.gz">httpd-2.0.50.tar.gz</a> 
  -[<a href="http://www.apache.org/dist/httpd/httpd-2.0.50.tar.gz.asc">PGP</a>]
  -[<a href="http://www.apache.org/dist/httpd/httpd-2.0.50.tar.gz.md5">MD5</a>]</li>
  +<a href="[preferred]/httpd/httpd-2.0.51.tar.gz">httpd-2.0.51.tar.gz</a> 
  +[<a href="http://www.apache.org/dist/httpd/httpd-2.0.51.tar.gz.asc">PGP</a>]
  +[<a href="http://www.apache.org/dist/httpd/httpd-2.0.51.tar.gz.md5">MD5</a>]</li>
   
   <li>Unix Source: 
  -<a href="[preferred]/httpd/httpd-2.0.50.tar.Z">httpd-2.0.50.tar.Z</a> 
  -[<a href="http://www.apache.org/dist/httpd/httpd-2.0.50.tar.Z.asc">PGP</a>]
  -[<a href="http://www.apache.org/dist/httpd/httpd-2.0.50.tar.Z.md5">MD5</a>]</li>
  +<a href="[preferred]/httpd/httpd-2.0.51.tar.Z">httpd-2.0.51.tar.Z</a> 
  +[<a href="http://www.apache.org/dist/httpd/httpd-2.0.51.tar.Z.asc">PGP</a>]
  +[<a href="http://www.apache.org/dist/httpd/httpd-2.0.51.tar.Z.md5">MD5</a>]</li>
  +
  +<li>Win32 release not yet available</li>
  +
  +<!--
   
   <li>Win32 Source:
  -<a href="[preferred]/httpd/httpd-2.0.50-win32-src.zip">httpd-2.0.50-win32-src.zip</a>

  -[<a href="http://www.apache.org/dist/httpd/httpd-2.0.50-win32-src.zip.asc">PGP</a>]
  -[<a href="http://www.apache.org/dist/httpd/httpd-2.0.50-win32-src.zip.md5">MD5</a>]
  +<a href="[preferred]/httpd/httpd-2.0.51-win32-src.zip">httpd-2.0.51-win32-src.zip</a>

  +[<a href="http://www.apache.org/dist/httpd/httpd-2.0.51-win32-src.zip.asc">PGP</a>]
  +[<a href="http://www.apache.org/dist/httpd/httpd-2.0.51-win32-src.zip.md5">MD5</a>]
   </li>
   
   <li>Win32 Binary (MSI Installer): 
  -<a href="[preferred]/httpd/binaries/win32/apache_2.0.50-win32-x86-no_ssl.msi">apache_2.0.50-win32-x86-no_ssl.msi</a>
  -[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.0.50-win32-x86-no_ssl.msi.asc">PGP</a>]
  -[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.0.50-win32-x86-no_ssl.msi.md5">MD5</a>]
  +<a href="[preferred]/httpd/binaries/win32/apache_2.0.51-win32-x86-no_ssl.msi">apache_2.0.51-win32-x86-no_ssl.msi</a>
  +[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.0.51-win32-x86-no_ssl.msi.asc">PGP</a>]
  +[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.0.51-win32-x86-no_ssl.msi.md5">MD5</a>]
   </li>
   
  +-->
  +
   <li><a href="[preferred]/httpd/">Other files</a></li>
   
   </ul>
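Review bot: On the new 2.0.51 entries the [MD5] link sits beside [PGP] with nothing to distinguish what each one proves. An MD5 file fetched from the same site only detects a corrupted transfer, not a replaced tarball; the surrounding page text should steer users to the PGP signature for authenticity and describe the MD5 file as a checksum. The same lines appear in docs/download.html in this commit.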
  @@ -182,7 +183,7 @@
   </code></p>
   
   <ul>
  -<li>httpd-2.0.50.tar.gz is signed by Sander Striker <code>DE885DD3</code></li>
  +<li>httpd-2.0.51.tar.gz is signed by Sander Striker <code>DE885DD3</code></li>
   <li>httpd-1.3.31.tar.gz is signed by Jim Jagielski <code>08C975E5</code></li>
   </ul>
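Review bot: The updated signer entry names only httpd-2.0.51.tar.gz, but the download list changed in this same file also publishes a .asc for httpd-2.0.51.tar.Z. State who signs the .tar.Z (and, once uncommented, the Win32 files), or reword the entry to cover all 2.0.51 artifacts, so users know which key to expect for each file.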
   
  
  
  
  1.61      +33 -20    httpd-site/xdocs/index.xml
  
  Index: index.xml
  ===================================================================
  RCS file: /home/cvs/httpd-site/xdocs/index.xml,v
  retrieving revision 1.60
  retrieving revision 1.61
  diff -u -d -u -r1.60 -r1.61
  --- index.xml	1 Jul 2004 17:16:36 -0000	1.60
  +++ index.xml	15 Sep 2004 15:17:25 -0000	1.61
  @@ -37,40 +37,53 @@
   your downloads using PGP or MD5 signatures!</p>
   </section>
   
  -<section id="2.0.50">
  -<title>Apache 2.0.50 Released</title>
  +<section id="2.0.51">
  +<title>Apache 2.0.51 Released</title>
   
   <p>The Apache HTTP Server Project is proud to <a
   href="http://www.apache.org/dist/httpd/Announcement2.html">announce</a> the
  -release of version 2.0.50 of the Apache HTTP Server ("Apache").
  -(translations are available for 
  -<a href="http://www.apache.org/dist/httpd/Announcement2.html.de">German</a>
  -and
  -<a href="http://www.apache.org/dist/httpd/Announcement2.html.ja">Japanese</a>
  -language)
  -</p>
  +release of version 2.0.51 of the Apache HTTP Server ("Apache").</p>
   
  -<p>This version of Apache is principally a bug fix release.  Of particular
  -   note is that 2.0.50 addresses two security vulnerabilities:</p>
  +<p>This version of Apache is principally a bug fix release.  Of
  +   particular note is that 2.0.51 addresses five security
  +   vulnerabilities:</p>
   
  -<p>A remotely triggered memory leak in http header parsing can allow a
  -   denial of service attack due to excessive memory consumption.<br/>
  +<p>An input validation issue in IPv6 literal address parsing which
  +   can result in a negative length parameter being passed to memcpy.<br/>
      <code>[<a
  -   href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493"
  -   >CAN-2004-0493</a>]</code></p>
  +   href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0786"
  +   >CAN-2004-0786</a>]</code></p>
   
  -<p>Fixes a mod_ssl buffer overflow in the FakeBasicAuth code for a
  -   (trusted) client certificate subject DN which exceeds 6K in length.<br/>
  +<p>A buffer overflow in configuration file parsing could allow a
  +   local user to gain the privileges of a httpd child if the server
  +   can be forced to parse a carefully crafted .htaccess file.<br/>
      <code>[<a
  -   href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488"
  -   >CAN-2004-0488</a>]</code></p>
  +   href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0747"
  +   >CAN-2004-0747</a>]</code></p>
  +   
  +<p>A segfault in mod_ssl which can be triggered by a malicious
  +   remote server, if proxying to SSL servers has been configured.<br/>
  +   <code>[<a
  +   href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751"
  +   >CAN-2004-0751</a>]</code></p>
   
  +<p>A potential infinite loop in mod_ssl which could be triggered 
  +   given particular timing of a connection abort.<br/>
  +   <code>[<a
  +   href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0748"
  +   >CAN-2004-0748</a>]</code></p>
  +
  +<p>A segfault in mod_dav_fs which can be remotely triggered by an
  +   indirect lock refresh request.<br/>
  +   <code>[<a
  +   href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0809"
  +   >CAN-2004-0809</a>]</code></p>
   
   <p>For further details, see the <a
   href="http://www.apache.org/dist/httpd/Announcement2.html">announcement</a>.</p>
   
   <p align="center">
  -<a href="download.cgi">Download</a> | 
  +<a href="download.cgi?update=200409150645">Download</a> | 
   <a href="docs-2.0/new_features_2_0.html">New Features in Apache 2.0</a> |
   <a href="http://www.apache.org/dist/httpd/CHANGES_2.0.50">ChangeLog for 2.0.50</a>
|
   <a href="http://www.apache.org/dist/httpd/CHANGES_2.0">ChangeLog for 2.0</a>
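Review bot: "download.cgi?update=200409150645" puts a hard-coded timestamp in the Download link with no comment explaining its purpose. If it is there to defeat caching, add an XML comment saying so, since it will otherwise be left stale or copied blindly at the next release. The "ChangeLog for 2.0.50" link two lines below it is also unchanged in this file and should move to 2.0.51 together with docs/index.html. Minor: "a httpd child" in the CAN-2004-0747 paragraph should read "an httpd child".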
  
  
  
