httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rpl...@apache.org
Subject svn commit: r608063 - /httpd/httpd/trunk/CHANGES
Date Wed, 02 Jan 2008 09:50:57 GMT
Author: rpluem
Date: Wed Jan  2 01:50:56 2008
New Revision: 608063

URL: http://svn.apache.org/viewvc?rev=608063&view=rev
Log:
* These are now backported.

Modified:
    httpd/httpd/trunk/CHANGES

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=608063&r1=608062&r2=608063&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Wed Jan  2 01:50:56 2008
@@ -2,31 +2,12 @@
 Changes with Apache 2.3.0
 [ When backported to 2.2.x, remove entry from this file ]
 
-  *) SECURITY: CVE-2007-6388 (cve.mitre.org)
-     mod_status: Ensure refresh parameter is numeric to prevent
-     a possible XSS attack caused by redirecting to other URLs. 
-     Reported by SecurityReason.  [Mark Cox, Joe Orton]
-
-  *) SECURITY: CVE-2007-6421 (cve.mitre.org)
-     mod_proxy_balancer: Correctly escape the worker route and the worker
-     redirect string in the HTML output of the balancer manager.
-     Reported by SecurityReason. [Ruediger Pluem]
-
-  *) SECURITY: CVE-2007-6422 (cve.mitre.org)
-     Prevent crash in balancer manager if invalid balancer name is passed
-     as parameter. Reported by SecurityReason. [Ruediger Pluem]
-
   *) Introduce the ProxyFtpDirCharset directive, allowing the administrator
      to identify a default, or specific servers or paths which list their
      contents in other-than ISO-8859-1 charset (e.g. utf-8). [Ruediger Pluem]
 
   *) mod_dav: Fix evaluation of If-Match * and If-None-Match * conditionals.
      PR 38034 [Paritosh Shah <shah.paritosh gmail.com>]
-
-  *) mod_dav: Adjust etag generation to produce identical results on 32-bit
-     and 64-bit platforms and avoid a regression with conditional PUT's on lock
-     and etag. PR 44152.
-     [Michael Clark <michael metaparadigm.com>, Ruediger Pluem]
 
   *) mod_deflate: Transform ETag when transforming the entity.
      PR 39727 [Henrik Nordstrom <hno squid-cache.org>, Nick Kew]



Mime
View raw message