httpd-cvs mailing list archives

Subject svn commit: r609953 - /httpd/httpd/branches/2.2.x/CHANGES
Date Tue, 08 Jan 2008 12:28:43 GMT
Author: rpluem
Date: Tue Jan  8 04:28:41 2008
New Revision: 609953

Merge r609394, r609538 from trunk:

* Fix cases with non-blocking reads from the ap_http_filter input filter where
  chunk size lines or empty lines after a chunk are read incompletely. This can
  lead to a corruption inside the dechunking algorithm.
  This patch has an issue with larger chunk-extensions which need to get thrown
  away since we ignore them anyway.

PR: 19954, 41056
Tested by: niq

* Optimize solution from r609394 and remove chunk-extensions restriction that
  was in r609394.

Submitted by: rpluem
Reviewed by: ruediger


Modified: httpd/httpd/branches/2.2.x/CHANGES
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Tue Jan  8 04:28:41 2008
@@ -32,7 +32,8 @@
      mod_imagemap: Fix a cross-site scripting issue.  Reported by JPCERT.
      [Joe Orton]
-  *) Introduce the ProxyFtpDirCharset directive, allowing the administrator
+  *) SECURITY: CVE-2008-0005 (
+     Introduce the ProxyFtpDirCharset directive, allowing the administrator
      to identify a default, or specific servers or paths which list their
      contents in other-than ISO-8859-1 charset (e.g. utf-8). [Ruediger Pluem]
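Review bot: The added line "*) SECURITY: CVE-2008-0005 (" opens a parenthesis that nothing in the visible entry closes, and the entry never says which module is affected or what the security issue is. The mod_imagemap entry just above names the module and the problem ("Fix a cross-site scripting issue"); this entry should do the same and either complete or drop the parenthetical, so that someone reading CHANGES can tell whether the CVE applies to their configuration. Separately, the log message describes merging the dechunking fixes from r609394 and r609538, while the only modified path is CHANGES and the hunk touches the ProxyFtpDirCharset entry. The log message should describe this change, otherwise anyone tracing CVE-2008-0005 through the history will be pointed at unrelated PRs (19954, 41056).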
