httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Cliff Woolley <jwool...@virginia.edu>
Subject Re: cvs commit: apache-1.3/src/include httpd.h
Date Thu, 21 Mar 2002 17:55:32 GMT
On 21 Mar 2002 jim@apache.org wrote:

>   +   This version of Apache is principally a security and bug fix release.
>   +   A summary of the bug fixes and major new features is given at the end
>   +   of this document.  Of particular note is that 1.3.24 addresses and
>   +   fixes the issues noted in CAN-2002-0061 (mitre.org) regarding escaping
>   +   of command line args on Win32.  We would like to thank Ory Segal
>   +   <ORY.SEGAL@SANCTUMINC.COM> for discovering and reporting the
>   +   vulnerability.

In hindsight, it would have been nice if we had credited Owen Cliffe
<occ@cs.bath.ac.uk> with reporting the mod_include issue somewhere
CHANGES?  Announcement?.

Too late I guess.  :(


--------------------------------------------------------------
   Cliff Woolley
   cliffwoolley@yahoo.com
   Charlottesville, VA




Mime
View raw message