Return-Path: Delivered-To: apmail-httpd-cvs-archive@www.apache.org Received: (qmail 25776 invoked from network); 2 Jan 2008 09:51:39 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 2 Jan 2008 09:51:39 -0000 Received: (qmail 91704 invoked by uid 500); 2 Jan 2008 09:51:21 -0000 Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org Received: (qmail 91642 invoked by uid 500); 2 Jan 2008 09:51:21 -0000 Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list cvs@httpd.apache.org Received: (qmail 91583 invoked by uid 99); 2 Jan 2008 09:51:21 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 02 Jan 2008 01:51:21 -0800 X-ASF-Spam-Status: No, hits=-100.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.3] (HELO eris.apache.org) (140.211.11.3) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 02 Jan 2008 09:50:53 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 824631A984F; Wed, 2 Jan 2008 01:50:57 -0800 (PST) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r608063 - /httpd/httpd/trunk/CHANGES Date: Wed, 02 Jan 2008 09:50:57 -0000 To: cvs@httpd.apache.org From: rpluem@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20080102095057.824631A984F@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: rpluem Date: Wed Jan 2 01:50:56 2008 New Revision: 608063 URL: http://svn.apache.org/viewvc?rev=608063&view=rev Log: * These are now backported. Modified: httpd/httpd/trunk/CHANGES Modified: httpd/httpd/trunk/CHANGES URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=608063&r1=608062&r2=608063&view=diff ============================================================================== --- httpd/httpd/trunk/CHANGES [utf-8] (original) +++ httpd/httpd/trunk/CHANGES [utf-8] Wed Jan 2 01:50:56 2008 @@ -2,31 +2,12 @@ Changes with Apache 2.3.0 [ When backported to 2.2.x, remove entry from this file ] - *) SECURITY: CVE-2007-6388 (cve.mitre.org) - mod_status: Ensure refresh parameter is numeric to prevent - a possible XSS attack caused by redirecting to other URLs. - Reported by SecurityReason. [Mark Cox, Joe Orton] - - *) SECURITY: CVE-2007-6421 (cve.mitre.org) - mod_proxy_balancer: Correctly escape the worker route and the worker - redirect string in the HTML output of the balancer manager. - Reported by SecurityReason. [Ruediger Pluem] - - *) SECURITY: CVE-2007-6422 (cve.mitre.org) - Prevent crash in balancer manager if invalid balancer name is passed - as parameter. Reported by SecurityReason. [Ruediger Pluem] - *) Introduce the ProxyFtpDirCharset directive, allowing the administrator to identify a default, or specific servers or paths which list their contents in other-than ISO-8859-1 charset (e.g. utf-8). [Ruediger Pluem] *) mod_dav: Fix evaluation of If-Match * and If-None-Match * conditionals. PR 38034 [Paritosh Shah ] - - *) mod_dav: Adjust etag generation to produce identical results on 32-bit - and 64-bit platforms and avoid a regression with conditional PUT's on lock - and etag. PR 44152. - [Michael Clark , Ruediger Pluem] *) mod_deflate: Transform ETag when transforming the entity. PR 39727 [Henrik Nordstrom , Nick Kew]