httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From m..@apache.org
Subject svn commit: r264758 - /httpd/httpd/branches/2.0.x/CHANGES
Date Tue, 30 Aug 2005 11:19:44 GMT
Author: mjc
Date: Tue Aug 30 04:19:40 2005
New Revision: 264758

URL: http://svn.apache.org/viewcvs?rev=264758&view=rev
Log:
Go through the list of allocated CVE names for httpd related issues and
fix up CHANGES to match.  Still got four older issues in my queue to
add in here.

Modified:
    httpd/httpd/branches/2.0.x/CHANGES

Modified: httpd/httpd/branches/2.0.x/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/CHANGES?rev=264758&r1=264757&r2=264758&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.0.x/CHANGES [utf-8] Tue Aug 30 04:19:40 2005
@@ -16,7 +16,8 @@
      (or if it didn't succeed) for non-authoritative cases.
      [Jim Jagielski]
 
-  *) Fix cases where the byterange filter would buffer responses
+  *) SECURITY: CAN-2005-2728 (cve.mitre.org)
+     Fix cases where the byterange filter would buffer responses
      into memory.  PR 29962.  [Joe Orton]
 
   *) mod_proxy: Fix over-eager handling of '%' for reverse proxies.
@@ -33,7 +34,7 @@
 
   *) mod_ssl: Fix build with OpenSSL 0.9.8.  PR 35757.  [William Rowe]
 
-  *) SECURITY: CAN-2005-2088
+  *) SECURITY: CAN-2005-2088 (cve.mitre.org)
      core: If a request contains both Transfer-Encoding and Content-Length
      headers, remove the Content-Length, mitigating some HTTP Request 
      Splitting/Spoofing attacks.  [Paul Querna, Joe Orton]
@@ -1247,7 +1248,8 @@
      names faulted the running OS2 worker process.  The fix is
      actually in APR 0.9.4.  [Brian Havard]
 
-  *) Forward port: Escape special characters (especially control
+  *) SECURITY: CAN-2003-0083 (cve.mitre.org)
+     Forward port: Escape special characters (especially control
      characters) in mod_log_config to make a clear distinction between
      client-supplied strings (with special characters) and server-side
      strings. This was already introduced in version 1.3.25.



Mime
View raw message