You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rp...@apache.org on 2007/12/15 16:42:43 UTC
svn commit: r604441 - /httpd/httpd/branches/2.0.x/CHANGES
Author: rpluem
Date: Sat Dec 15 07:42:42 2007
New Revision: 604441
URL: http://svn.apache.org/viewvc?rev=604441&view=rev
Log:
* Wrong order, Security changes first.
Modified:
httpd/httpd/branches/2.0.x/CHANGES
Modified: httpd/httpd/branches/2.0.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?rev=604441&r1=604440&r2=604441&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.0.x/CHANGES [utf-8] Sat Dec 15 07:42:42 2007
@@ -1,6 +1,10 @@
-*- coding: utf-8 -*-
Changes with Apache 2.0.62
+ *) SECURITY: CVE-2007-5000 (cve.mitre.org)
+ mod_imagemap: Fix a cross-site scripting issue. Reported by JPCERT.
+ [Joe Orton]
+
*) http_protocol: Escape request method in 405 error reporting.
This has no security impact since the browser cannot be tricked
into sending arbitrary method strings. [Jeff Trawick]
@@ -8,10 +12,6 @@
*) http_protocol: Escape request method in 413 error reporting.
Determined to be not generally exploitable, but a flaw in any case.
PR 44014 [Victor Stinner <victor.stinner inl.fr>]
-
- *) SECURITY: CVE-2007-5000 (cve.mitre.org)
- mod_imagemap: Fix a cross-site scripting issue. Reported by JPCERT.
- [Joe Orton]
Changes with Apache 2.0.61