httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j..@apache.org
Subject cvs commit: httpd-dist .htaccess Announcement.html Announcement.txt Announcement.txt.ja
Date Thu, 28 Oct 2004 20:06:10 GMT
jim         2004/10/28 13:06:10

  Modified:    .        .htaccess Announcement.html Announcement.txt
                        Announcement.txt.ja
  Log:
  1.3.33
  
  Revision  Changes    Path
  1.105     +4 -4      httpd-dist/.htaccess
  
  Index: .htaccess
  ===================================================================
  RCS file: /home/cvs/httpd-dist/.htaccess,v
  retrieving revision 1.104
  retrieving revision 1.105
  diff -u -r1.104 -r1.105
  --- .htaccess	21 Oct 2004 12:40:45 -0000	1.104
  +++ .htaccess	28 Oct 2004 20:06:09 -0000	1.105
  @@ -20,11 +20,11 @@
   AddDescription "Source code patch" *.patch
   AddDescription "Apache 2.0 Release Note" Announcement2
   AddDescription "Apache 1.3 Release Note" Announcement
  -AddDescription "Current Release 1.3.32" apache_1.3.32   apache_1.3.32_
  +AddDescription "Current Release 1.3.33" apache_1.3.33   apache_1.3.33_
   AddDescription "Patch to fix mod_rewrite" apache_1.3.*-fix.diff
  -AddDescription "1.3.32 compressed source" apache_1.3.32.tar.Z
  -AddDescription "1.3.32 gzipped source" apache_1.3.32.tar.gz
  -AddDescription "1.3.32 pkzipped source" apache_1.3.32.zip
  +AddDescription "1.3.33 compressed source" apache_1.3.33.tar.Z
  +AddDescription "1.3.33 gzipped source" apache_1.3.33.tar.gz
  +AddDescription "1.3.33 pkzipped source" apache_1.3.33.zip
   AddDescription "2.0.50 compressed source" httpd-2.0.50.tar.Z
   AddDescription "2.0.50 gzipped source" httpd-2.0.50.tar.gz
   AddDescription "2.0.52 compressed source" httpd-2.0.52.tar.Z
  
  
  
  1.24      +18 -10    httpd-dist/Announcement.html
  
  Index: Announcement.html
  ===================================================================
  RCS file: /home/cvs/httpd-dist/Announcement.html,v
  retrieving revision 1.23
  retrieving revision 1.24
  diff -u -r1.23 -r1.24
  --- Announcement.html	21 Oct 2004 13:18:33 -0000	1.23
  +++ Announcement.html	28 Oct 2004 20:06:09 -0000	1.24
  @@ -15,12 +15,12 @@
   <IMG SRC="../../images/apache_sub.gif" ALT="">
   
   
  -<h1>Apache HTTP Server 1.3.32 Released</h1>
  +<h1>Apache HTTP Server 1.3.33 Released</h1>
                                          
   <p> The Apache Software Foundation and The Apache HTTP Server Project are
  -   pleased to announce the release of version 1.3.32 of the Apache HTTP
  +   pleased to announce the release of version 1.3.33 of the Apache HTTP
      Server ("Apache").  This Announcement notes the significant changes
  -   in 1.3.32 as compared to 1.3.31.
  +   in 1.3.33 as compared to 1.3.31 (1.3.32 was not formally released).
      The Announcement is also available in German and Japanese from:</p>
   <dl>   
     <dd><a href="http://www.apache.org/dist/httpd/Announcement.html.de"
  @@ -34,22 +34,26 @@
   <p>This version of Apache is principally a bug and security fix release.
      A partial summary of the bug fixes is given at the end of this document.
      A full listing of changes can be found in the CHANGES file.  Of
  -   particular note is that 1.3.32 addresses and fixes 1 potential
  -   security issue:</p>
  +   particular note is that 1.3.33 addresses and fixes 2 potential
  +   security issues:</p>
   
   <ul>
  +<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0940">
  +       CAN-2004-0940 (cve.mitre.org)</a><br>
  +       Fix potential buffer overflow with escaped characters in
  +       SSI tag string.</li>
   <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492">
          CAN-2004-0492 (cve.mitre.org)</a><br>
          Reject responses from a remote server if sent an invalid
          (negative) Content-Length.</li>
   </ul>
   
  -<p>We consider Apache 1.3.32 to be the best version of Apache 1.3 available
  +<p>We consider Apache 1.3.33 to be the best version of Apache 1.3 available
      and we strongly recommend that users of older versions, especially of
      the 1.1.x and 1.2.x family, upgrade as soon as possible.  No further
      releases will be made in the 1.2.x family.</p>
   
  -<p>Apache 1.3.32 is available for download from</p>
  +<p>Apache 1.3.33 is available for download from</p>
   <dl>
       <dd><a href="http://httpd.apache.org/download.cgi">http://httpd.apache.org/download.cgi</a></dd>
   </dl>
  @@ -107,13 +111,17 @@
      of the servers on the Internet are running Apache or one of its
      variants.</p>
   
  -<h2>Apache 1.3.32 Major changes</h2>
  +<h2>Apache 1.3.33 Major changes</h2>
   <h3>Security vulnerabilities</h3>
   
   <p>
  -   The main security vulnerabilities addressed in 1.3.32 are:
  +   The main security vulnerabilities addressed in 1.3.33 are:
   </p>
   <ul>
  +<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0940">
  +       CAN-2004-0940 (cve.mitre.org)</a><br>
  +       Fix potential buffer overflow with escaped characters in
  +       SSI tag string.</li>
   <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492">
          CAN-2004-0492 (cve.mitre.org)</a><br>
          Reject responses from a remote server if sent an invalid
  @@ -142,7 +150,7 @@
   <h3>Bugs fixed</h3>
   <p>
      The following bugs were found in Apache 1.3.31 (or earlier) and have been fixed in
  -   Apache 1.3.32:
  +   Apache 1.3.33:
   </p>
   <ul>
        <li><code>mod_rewrite</code>: Fix query string handling for proxied
URLs. PR 14518.</li>
  
  
  
  1.20      +20 -13    httpd-dist/Announcement.txt
  
  Index: Announcement.txt
  ===================================================================
  RCS file: /home/cvs/httpd-dist/Announcement.txt,v
  retrieving revision 1.19
  retrieving revision 1.20
  diff -u -r1.19 -r1.20
  --- Announcement.txt	21 Oct 2004 12:40:45 -0000	1.19
  +++ Announcement.txt	28 Oct 2004 20:06:09 -0000	1.20
  @@ -1,32 +1,35 @@
   
  -                   Apache HTTP Server 1.3.32 Released
  +                   Apache HTTP Server 1.3.33 Released
   
      The Apache Software Foundation and The Apache HTTP Server Project are
  -   pleased to announce the release of version 1.3.32 of the Apache HTTP
  +   pleased to announce the release of version 1.3.33 of the Apache HTTP
      Server ("Apache").  This Announcement notes the significant changes
  -   in 1.3.32 as compared to 1.3.31.  The Announcement is also available
  -   in German, Spanish and Japanese from:
  +   in 1.3.33 as compared to 1.3.31 (1.3.32 was not formally released).
  +   The Announcement is also available in German and Japanese from:
   
  -        http://www.apache.org/dist/httpd/Announcement.html.de
  -        http://www.apache.org/dist/httpd/Announcement.html.es
  -        http://www.apache.org/dist/httpd/Announcement.html.ja
  +        http://www.apache.org/dist/httpd/Announcement.txt.de
  +        http://www.apache.org/dist/httpd/Announcement.txt.ja
   
      This version of Apache is principally a bug and security fix release.
      A partial summary of the bug fixes is given at the end of this document.
      A full listing of changes can be found in the CHANGES file.  Of
  -   particular note is that 1.3.32 addresses and fixes 1 potential
  -   security issue:
  +   particular note is that 1.3.33 addresses and fixes 2 potential
  +   security issues:
  +
  +     o CAN-2004-0940 (cve.mitre.org)
  +       Fix potential buffer overflow with escaped characters in
  +       SSI tag string.
   
        o CAN-2004-0492 (cve.mitre.org)
          Reject responses from a remote server if sent an invalid
          (negative) Content-Length.
   
  -   We consider Apache 1.3.32 to be the best version of Apache 1.3 available
  +   We consider Apache 1.3.33 to be the best version of Apache 1.3 available
      and we strongly recommend that users of older versions, especially of
      the 1.1.x and 1.2.x family, upgrade as soon as possible.  No further
      releases will be made in the 1.2.x family.
   
  -   Apache 1.3.32 is available for download from:
  +   Apache 1.3.33 is available for download from:
      
          http://httpd.apache.org/download.cgi
   
  @@ -75,10 +78,14 @@
      Apache 2.0 for better performance, stability and security on their
      platforms.
   
  -                     Apache 1.3.32 Major changes
  +                     Apache 1.3.33 Major changes
   
     Security vulnerabilities
   
  +     * CAN-2004-0940 (cve.mitre.org)
  +       Fix potential buffer overflow with escaped characters in
  +       SSI tag string.
  +
        * CAN-2004-0492 (cve.mitre.org)
          Reject responses from a remote server if sent an invalid
          (negative) Content-Length.
  @@ -102,7 +109,7 @@
     Bugs fixed
   
      The following noteworthy bugs were found in Apache 1.3.31 (or earlier)
  -   and have been fixed in Apache 1.3.32:
  +   and have been fixed in Apache 1.3.33:
   
        * mod_rewrite: Fix query string handling for proxied URLs. PR 14518.
                                                                                   
  
  
  
  1.6       +17 -9     httpd-dist/Announcement.txt.ja
  
  	<<Binary file>>
  
  

Mime
View raw message