You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by st...@apache.org on 2004/07/01 01:10:13 UTC
cvs commit: httpd-site/xdocs download.xml index.xml
striker 2004/06/30 16:10:13
Modified: docs download.html index.html
xdocs download.xml index.xml
Log:
Update the site to match the announcement.
Revision Changes Path
1.57 +0 -2 httpd-site/docs/download.html
Index: download.html
===================================================================
RCS file: /home/cvs/httpd-site/docs/download.html,v
retrieving revision 1.56
retrieving revision 1.57
diff -u -r1.56 -r1.57
--- download.html 29 Jun 2004 01:38:17 -0000 1.56
+++ download.html 30 Jun 2004 23:10:13 -0000 1.57
@@ -136,7 +136,6 @@
[<a href="http://www.apache.org/dist/httpd/httpd-2.0.50.tar.Z.asc">PGP</a>]
[<a href="http://www.apache.org/dist/httpd/httpd-2.0.50.tar.Z.md5">MD5</a>]</li>
-<!--
<li>Win32 Source:
<a href="[preferred]/httpd/httpd-2.0.50-win32-src.zip">httpd-2.0.50-win32-src.zip</a>
[<a href="http://www.apache.org/dist/httpd/httpd-2.0.50-win32-src.zip.asc">PGP</a>]
@@ -148,7 +147,6 @@
[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.0.50-win32-x86-no_ssl.msi.asc">PGP</a>]
[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.0.50-win32-x86-no_ssl.msi.md5">MD5</a>]
</li>
--->
<li><a href="[preferred]/httpd/">Other files</a></li>
1.79 +4 -0 httpd-site/docs/index.html
Index: index.html
===================================================================
RCS file: /home/cvs/httpd-site/docs/index.html,v
retrieving revision 1.78
retrieving revision 1.79
diff -u -r1.78 -r1.79
--- index.html 29 Jun 2004 01:38:17 -0000 1.78
+++ index.html 30 Jun 2004 23:10:13 -0000 1.79
@@ -141,10 +141,14 @@
<p>A remotely triggered memory leak in http header parsing can allow a
denial of service attack due to excessive memory consumption.<br />
<code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493">CAN-2004-0493</a>]</code></p>
+<p>Fixes a mod_ssl buffer overflow in the FakeBasicAuth code for a
+ (trusted) client certificate subject DN which exceeds 6K in length.<br />
+ <code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488">CAN-2004-0488</a>]</code></p>
<p>For further details, see the <a href="http://www.apache.org/dist/httpd/Announcement2.html">announcement</a>.</p>
<p align="center">
<a href="download.cgi">Download</a> |
<a href="docs-2.0/new_features_2_0.html">New Features in Apache 2.0</a> |
+<a href="http://www.apache.org/dist/httpd/CHANGES_2.0.50">ChangeLog for 2.0.50</a>
<a href="http://www.apache.org/dist/httpd/CHANGES_2.0">ChangeLog for 2.0</a>
</p>
</blockquote>
1.51 +0 -2 httpd-site/xdocs/download.xml
Index: download.xml
===================================================================
RCS file: /home/cvs/httpd-site/xdocs/download.xml,v
retrieving revision 1.50
retrieving revision 1.51
diff -u -r1.50 -r1.51
--- download.xml 29 Jun 2004 01:38:17 -0000 1.50
+++ download.xml 30 Jun 2004 23:10:13 -0000 1.51
@@ -84,7 +84,6 @@
[<a href="http://www.apache.org/dist/httpd/httpd-2.0.50.tar.Z.asc">PGP</a>]
[<a href="http://www.apache.org/dist/httpd/httpd-2.0.50.tar.Z.md5">MD5</a>]</li>
-<!--
<li>Win32 Source:
<a href="[preferred]/httpd/httpd-2.0.50-win32-src.zip">httpd-2.0.50-win32-src.zip</a>
[<a href="http://www.apache.org/dist/httpd/httpd-2.0.50-win32-src.zip.asc">PGP</a>]
@@ -96,7 +95,6 @@
[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.0.50-win32-x86-no_ssl.msi.asc">PGP</a>]
[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.0.50-win32-x86-no_ssl.msi.md5">MD5</a>]
</li>
--->
<li><a href="[preferred]/httpd/">Other files</a></li>
1.57 +11 -1 httpd-site/xdocs/index.xml
Index: index.xml
===================================================================
RCS file: /home/cvs/httpd-site/xdocs/index.xml,v
retrieving revision 1.56
retrieving revision 1.57
diff -u -r1.56 -r1.57
--- index.xml 29 Jun 2004 01:38:18 -0000 1.56
+++ index.xml 30 Jun 2004 23:10:13 -0000 1.57
@@ -83,7 +83,16 @@
<p>A remotely triggered memory leak in http header parsing can allow a
denial of service attack due to excessive memory consumption.<br/>
- <code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493">CAN-2004-0493</a>]</code></p>
+ <code>[<a
+ href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493"
+ >CAN-2004-0493</a>]</code></p>
+
+<p>Fixes a mod_ssl buffer overflow in the FakeBasicAuth code for a
+ (trusted) client certificate subject DN which exceeds 6K in length.<br/>
+ <code>[<a
+ href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488"
+ >CAN-2004-0488</a>]</code></p>
+
<p>For further details, see the <a
href="http://www.apache.org/dist/httpd/Announcement2.html">announcement</a>.</p>
@@ -91,6 +100,7 @@
<p align="center">
<a href="download.cgi">Download</a> |
<a href="docs-2.0/new_features_2_0.html">New Features in Apache 2.0</a> |
+<a href="http://www.apache.org/dist/httpd/CHANGES_2.0.50">ChangeLog for 2.0.50</a>
<a href="http://www.apache.org/dist/httpd/CHANGES_2.0">ChangeLog for 2.0</a>
</p>