Date: 21 Sep 2004 13:23:48 -0000
Message-ID: <20040921132348.35688.qmail@minotaur.apache.org>
From: geoff@apache.org
To: httpd-2.0-cvs@apache.org
Subject: cvs commit: httpd-2.0 CHANGES

geoff       2004/09/21 06:23:48

  Modified:    .        CHANGES
  Log:
  SECURITY: CAN-2004-0811 officially part of 2.0.52

  Revision  Changes    Path
  1.1595    +5 -5      httpd-2.0/CHANGES

Index: CHANGES =================================================================== RCS file: /home/cvs/httpd-2.0/CHANGES,v retrieving revision 1.1594 retrieving revision 1.1595 diff -u -r1.1594 -r1.1595 --- CHANGES 20 Sep 2004 20:12:19 -0000 1.1594 +++ CHANGES 21 Sep 2004 13:23:47 -0000 1.1595 @@ -2,11 +2,6 @@ [Remove entries to the current 2.0 section below, when backported] - *) SECURITY: CAN-2004-0811 (cve.mitre.org) - Fix merging of the Satisfy directive, which was applied to - the surrounding context and could allow access despite configured - authentication. PR 31315. [Rici Lake ] - *) Fix the global mutex crash when the global mutex is never allocated due to disabled/empty caches. [Jess Holle ] @@ -418,6 +413,11 @@ Apache 2.0.xx tree as documented, and except as noted, below.] Changes with Apache 2.0.52 + + *) SECURITY: CAN-2004-0811 (cve.mitre.org) + Fix merging of the Satisfy directive, which was applied to + the surrounding context and could allow access despite configured + authentication. PR 31315. [Rici Lake ]
 *) Fix the handling of URIs containing %2F when AllowEncodedSlashes is enabled. Previously, such urls would still be rejected.
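Review bot: in the first hunk (@@ -2,11 +2,6 @@) the SECURITY entry is dropped from the list headed "[Remove entries to the current 2.0 section below, when backported]", but the log message only says "officially part of 2.0.52" and does not point to the commit or revision that carried the Satisfy merge fix itself. Citing that revision in the log would let a reader confirm that the code change, and not just this CHANGES entry, is in the 2.0.52 release.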
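Review bot: in the second hunk (@@ -418,6 +413,11 @@) the entry now listed under "Changes with Apache 2.0.52" says the bug "could allow access despite configured authentication" but does not say which earlier release or releases merged Satisfy into the surrounding context. Since this is the text operators read to decide whether they must upgrade, consider naming the affected release in the entry alongside the CAN-2004-0811 and PR 31315 references.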