httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ge...@apache.org
Subject cvs commit: httpd-2.0 CHANGES
Date Tue, 21 Sep 2004 13:23:48 GMT
geoff       2004/09/21 06:23:48

  Modified:    .        CHANGES
  Log:
  SECURITY: CAN-2004-0811 officially part of 2.0.52
  
  Revision  Changes    Path
  1.1595    +5 -5      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.1594
  retrieving revision 1.1595
  diff -u -r1.1594 -r1.1595
  --- CHANGES	20 Sep 2004 20:12:19 -0000	1.1594
  +++ CHANGES	21 Sep 2004 13:23:47 -0000	1.1595
  @@ -2,11 +2,6 @@
   
     [Remove entries to the current 2.0 section below, when backported]
   
  -  *) SECURITY: CAN-2004-0811 (cve.mitre.org)
  -     Fix merging of the Satisfy directive, which was applied to 
  -     the surrounding context and could allow access despite configured
  -     authentication.  PR 31315.  [Rici Lake <rici ricilake.net>]
  -
     *) Fix the global mutex crash when the global mutex is never allocated due
        to disabled/empty caches. [Jess Holle <jessh ptc.com>]
   
  @@ -418,6 +413,11 @@
      Apache 2.0.xx tree as documented, and except as noted, below.]
   
   Changes with Apache 2.0.52
  +
  +  *) SECURITY: CAN-2004-0811 (cve.mitre.org)
  +     Fix merging of the Satisfy directive, which was applied to
  +     the surrounding context and could allow access despite configured
  +     authentication.  PR 31315.  [Rici Lake <rici ricilake.net>]
   
     *) Fix the handling of URIs containing %2F when AllowEncodedSlashes
        is enabled.  Previously, such urls would still be rejected.
  
  
  

Mime
View raw message