httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jor...@apache.org
Subject svn commit: r557606 - /httpd/httpd/branches/2.0.x/CHANGES
Date Thu, 19 Jul 2007 12:57:25 GMT
Author: jorton
Date: Thu Jul 19 05:57:24 2007
New Revision: 557606

URL: http://svn.apache.org/viewvc?view=rev&rev=557606
Log:
Tweak changes entry for -3304 fix.

Modified:
    httpd/httpd/branches/2.0.x/CHANGES

Modified: httpd/httpd/branches/2.0.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?view=diff&rev=557606&r1=557605&r2=557606
==============================================================================
--- httpd/httpd/branches/2.0.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.0.x/CHANGES [utf-8] Thu Jul 19 05:57:24 2007
@@ -11,9 +11,9 @@
      perform charset "detection".  Reported by Stefan Esser.  [Joe Orton]
 
   *) SECURITY: CVE-2007-3304 (cve.mitre.org)
-     scoreboard pid protection fixes -- the only fix for 2.0.x is
-     to ensure a valid positive pid is passed to apr_proc_wait(); 
-     the MPMs do not kill children directly as in 2.2.x.
+     prefork, worker MPMs: Ensure that the parent process cannot
+     be forced to kill processes outside its process group. 
+     [Joe Orton, Jim Jagielski]
 
   *) mod_so: Solve dev's confusion by reporting expected/seen module
      magic signatures when failing with a 'garbled' message, and solve



Mime
View raw message