Posted to cvs@httpd.apache.org by mj...@apache.org on 2004/09/02 11:37:39 UTC

cvs commit: apache-1.3/src CHANGES

mjc         2004/09/02 02:37:39

  Modified:    src      CHANGES
  Log:
  Promote CAN references to final CVE references for the CVE update
  that happened last night
  
  Revision  Changes    Path
  1.1953    +4 -4      apache-1.3/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/CHANGES,v
  retrieving revision 1.1952
  retrieving revision 1.1953
  diff -u -r1.1952 -r1.1953
  --- CHANGES	28 Aug 2004 16:13:28 -0000	1.1952
  +++ CHANGES	2 Sep 2004 09:37:38 -0000	1.1953
  @@ -72,7 +72,7 @@
        NONBLOCK_WHEN_MULTI_LISTEN if needed for your platform and not
        already defined.  [Jeff Trawick, Brad Nicholes, Joe Orton]
   
  -  *) SECURITY: CAN-2003-0993 (cve.mitre.org) 
  +  *) SECURITY: CVE-2003-0993 (cve.mitre.org) 
        Fix parsing of Allow/Deny rules using IP addresses without a
        netmask; issue is only known to affect big-endian 64-bit
        platforms; on affected platforms such rules would never produce
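Review bot: The added SECURITY line in this hunk keeps the trailing space after "(cve.mitre.org)" that the removed line had. Since the line is being rewritten anyway, drop the trailing whitespace so it matches the other SECURITY lines touched in this commit, which end directly at the closing parenthesis.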
  @@ -126,7 +126,7 @@
     *) Forensic logging module added (mod_log_forensic).
        [Ben Laurie]
   
  -  *) SECURITY: CAN-2003-0020 (cve.mitre.org)
  +  *) SECURITY: CVE-2003-0020 (cve.mitre.org)
        Escape arbitrary data before writing into the errorlog. Unescaped
        errorlogs are still possible using the compile time switch
        "-DAP_UNSAFE_ERROR_LOG_UNESCAPED".  [Geoffrey Young, Andr� Malo]
  @@ -376,7 +376,7 @@
   
   Changes with Apache 1.3.27
   
  -  *) SECURITY: CAN-2002-0840 (cve.mitre.org)
  +  *) SECURITY: CVE-2002-0840 (cve.mitre.org)
        Prevent a cross-site scripting vulnerability in the default
        error page.  The issue could only be exploited if the directive
        UseCanonicalName is set to Off and a server is being run at
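Review bot: Replacing CAN-2002-0840 outright on the SECURITY line means a search of CHANGES for the candidate identifier no longer finds this entry. Consider keeping the old name as an alias on the same line, for example "CVE-2002-0840 (formerly CAN-2002-0840)", so references made under the CAN- prefix still resolve. The same applies to the other three entries renamed in this commit.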
  @@ -4045,7 +4045,7 @@
        run-time configurable using the ExtendedStatus directive.
        [Jim Jagielski]
   
  -  *) SECURITY: CAN-1999-1199 (cve.mitre.org)
  +  *) SECURITY: CVE-1999-1199 (cve.mitre.org)
        Eliminate O(n^2) space DoS attacks (and other O(n^2)
        cpu time attacks) in header parsing.  Add ap_overlap_tables(),
        a function which can be used to perform bulk update operations
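Review bot: The log message describes promoting CAN references in general, but the diff shows only four renamed SECURITY lines (+4 -4), and this last one sits at line 4045 of a long file. It would help to say in the log that CHANGES was searched for any remaining "CAN-" strings, or to list the four identifiers, so the completeness of the rename can be checked from the commit alone.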