Subject: svn commit: r513808 - /tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml
Date: Fri, 02 Mar 2007 15:27:47 -0000
To: tomcat-dev@jakarta.apache.org
From: jfclere@apache.org
Message-Id: <20070302152747.D212D1A981A@eris.apache.org>

Author: jfclere
Date: Fri Mar 2 07:27:47 2007
New Revision: 513808

URL: http://svn.apache.org/viewvc?view=rev&rev=513808
Log:
Add latest idem from 1.2.21

Modified:
    tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml

Modified: tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml?view=diff&rev=513808&r1=513807&r2=513808
============================================================================== --- tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml (original) +++ tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml Fri Mar 2 07:27:47 2007 @@ -29,6 +29,17 @@
+ + CVE-2007-0774 + : Fix a buffer overflow in map_uri_to_worker(). + URL longer that 4095 were crashing mod_jk. + This could have allow different kind of attacks. Reported by ZDI. + Please note this issue only affected versions 1.2.19 and 1.2.20 of the + Apache Tomcat JK Web Server Connector and not previous versions. + Tomcat 5.5.20 and Tomcat 4.1.34 + included a vulnerable version in their source packages. + Other versions of Tomcat were not affected. + Check the worker. parameters and don't start if the parameter is not a valid one. (jfclere)
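Review bot: The added CVE-2007-0774 entry leaves the impact and the remediation underspecified for a security changelog item. "This could have allow different kind of attacks" does not say what a reader should assume beyond the crash named in the previous sentence, and "URL longer that 4095" gives no unit (bytes or characters). The entry lists the affected connector versions (1.2.19 and 1.2.20) and the Tomcat source packages that bundled them (5.5.20 and 4.1.34), but never states which release carries the fix; the commit log mentions 1.2.21, so say so in the entry itself so that users of the listed versions know what to upgrade to. While editing, fix the wording: "longer than", "could have allowed", "different kinds of attacks".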