httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rpl...@apache.org
Subject svn commit: r476628 - /httpd/httpd/trunk/CHANGES
Date Sat, 18 Nov 2006 22:20:25 GMT
Author: rpluem
Date: Sat Nov 18 14:20:25 2006
New Revision: 476628

URL: http://svn.apache.org/viewvc?view=rev&rev=476628
Log:
* CVE-2006-3747 was the main reason to release 2.2.3. So place the changelog
  entry where it belongs.

Modified:
    httpd/httpd/trunk/CHANGES

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?view=diff&rev=476628&r1=476627&r2=476628
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Sat Nov 18 14:20:25 2006
@@ -30,8 +30,8 @@
      AcceptMutex directive now takes an optional lockfile
      location parameter, ala SSLMutex. [Jim Jagielski]
 
-  *) Fix address-in-use startup failure caused by corruption of the list of 
-     listen sockets in some configurations with multiple generic Listen 
+  *) Fix address-in-use startup failure caused by corruption of the list of
+     listen sockets in some configurations with multiple generic Listen
      directives.  [Jeff Trawick]
 
   *) mod_authn_dbd: Export any additional columns queried in the SQL select
@@ -73,7 +73,7 @@
   *) mod_rewrite: support rewritemap by SQL query [Nick Kew]
 
   *) Fix issue which could cause piped loggers to be orphaned and never
-     terminate after a graceful restart.  PR 40651.  [Joe Orton, 
+     terminate after a graceful restart.  PR 40651.  [Joe Orton,
      Ruediger Pluem]
 
   *) mod_headers: support regexp-based editing of HTTP headers [Nick Kew]
@@ -125,12 +125,6 @@
      his value is defined as 258, thus limiting the MaxThreads
      to that value. [Mladen Turk]
 
-  *) SECURITY: CVE-2006-3747 (cve.mitre.org)
-     mod_rewrite: Fix an off-by-one security problem in the ldap scheme
-     handling.  For some RewriteRules this could lead to a pointer being
-     written out of bounds.  Reported by Mark Dowd of McAfee.
-     [Mark Cox]
-
   *) mod_cache: While serving a cached entity ensure that filters that have
      been applied to this cached entity before saving it to the cache are not
      applied again. PR 40090. [Ruediger Pluem]
@@ -344,6 +338,12 @@
      PR 38962. [Christian Boitel <cboitel lfdj.com>]
 
 Changes with Apache 2.2.3
+
+  *) SECURITY: CVE-2006-3747 (cve.mitre.org)
+     mod_rewrite: Fix an off-by-one security problem in the ldap scheme
+     handling.  For some RewriteRules this could lead to a pointer being
+     written out of bounds.  Reported by Mark Dowd of McAfee.
+     [Mark Cox]
 
   *) mod_authn_alias: Add a check to make sure that the base provider and the
      alias names are different and also that the alias has not been registered



Mime
View raw message