Posted to cvs@httpd.apache.org by mj...@apache.org on 2004/09/02 11:37:39 UTC
cvs commit: apache-1.3/src CHANGES
mjc 2004/09/02 02:37:39
Modified: src CHANGES
Log:
Promote CAN references to final CVE references for the CVE update
that happened last night
Revision Changes Path
1.1953 +4 -4 apache-1.3/src/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/apache-1.3/src/CHANGES,v
retrieving revision 1.1952
retrieving revision 1.1953
diff -u -r1.1952 -r1.1953
--- CHANGES 28 Aug 2004 16:13:28 -0000 1.1952
+++ CHANGES 2 Sep 2004 09:37:38 -0000 1.1953
@@ -72,7 +72,7 @@
NONBLOCK_WHEN_MULTI_LISTEN if needed for your platform and not
already defined. [Jeff Trawick, Brad Nicholes, Joe Orton]
- *) SECURITY: CAN-2003-0993 (cve.mitre.org)
+ *) SECURITY: CVE-2003-0993 (cve.mitre.org)
Fix parsing of Allow/Deny rules using IP addresses without a
netmask; issue is only known to affect big-endian 64-bit
platforms; on affected platforms such rules would never produce
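Review bot: The changed line in this hunk (CAN-2003-0993 to CVE-2003-0993) is one of only four replacements in the commit (+4 -4), and the log message does not say whether those four are every candidate name left in CHANGES. A search of the file for the string "CAN-" after the commit would confirm that none were missed. If some are left on purpose because they have not been promoted yet, the log message is the place to say so.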
@@ -126,7 +126,7 @@
*) Forensic logging module added (mod_log_forensic).
[Ben Laurie]
- *) SECURITY: CAN-2003-0020 (cve.mitre.org)
+ *) SECURITY: CVE-2003-0020 (cve.mitre.org)
Escape arbitrary data before writing into the errorlog. Unescaped
errorlogs are still possible using the compile time switch
"-DAP_UNSAFE_ERROR_LOG_UNESCAPED". [Geoffrey Young, Andr� Malo]
@@ -376,7 +376,7 @@
Changes with Apache 1.3.27
- *) SECURITY: CAN-2002-0840 (cve.mitre.org)
+ *) SECURITY: CVE-2002-0840 (cve.mitre.org)
Prevent a cross-site scripting vulnerability in the default
error page. The issue could only be exploited if the directive
UseCanonicalName is set to Off and a server is being run at
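Review bot: The changed line sits directly under the "Changes with Apache 1.3.27" heading, so it rewrites the change log of a version that has already shipped. Anyone holding an older copy of CHANGES, or an advisory that quotes CAN-2002-0840, will no longer find that string in the current file. Consider stating in the log message that only the prefix changes and the number is kept, so the old and new names can be matched by searching on 2002-0840.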
@@ -4045,7 +4045,7 @@
run-time configurable using the ExtendedStatus directive.
[Jim Jagielski]
- *) SECURITY: CAN-1999-1199 (cve.mitre.org)
+ *) SECURITY: CVE-1999-1199 (cve.mitre.org)
Eliminate O(n^2) space DoS attacks (and other O(n^2)
cpu time attacks) in header parsing. Add ap_overlap_tables(),
a function which can be used to perform bulk update operations