Posted to cvs@httpd.apache.org by mj...@apache.org on 2004/09/02 11:49:10 UTC
cvs commit: httpd-2.0 CHANGES
mjc 2004/09/02 02:49:09
Modified: . CHANGES
Log:
CAN to CVE promotions from CVE version 20040901
Revision Changes Path
1.1581 +5 -5 httpd-2.0/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/httpd-2.0/CHANGES,v
retrieving revision 1.1580
retrieving revision 1.1581
diff -u -r1.1580 -r1.1581
--- CHANGES 1 Sep 2004 17:21:52 -0000 1.1580
+++ CHANGES 2 Sep 2004 09:49:09 -0000 1.1581
@@ -774,7 +774,7 @@
*) mod_ssl: Send the Close Alert message to the peer before closing
the SSL session. PR 27428. [Madhusudan Mathihalli, Joe Orton]
- *) SECURITY: CAN-2004-0113 (cve.mitre.org)
+ *) SECURITY: CVE-2004-0113 (cve.mitre.org)
mod_ssl: Fix a memory leak in plain-HTTP-on-SSL-port handling.
PR 27106. [Joe Orton]
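Review bot: The tag on the changed line is written "SECURITY: CVE-2004-0113 (cve.mitre.org)", while the older entries touched by this same patch use the bracketed form "SECURITY [CVE-2002-1156] (cve.mitre.org):". Since the line is being rewritten anyway, consider moving it to the bracketed form so that a single pattern matches every security entry in CHANGES.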
@@ -946,7 +946,7 @@
*) mod_dav: Return a WWW-auth header for MOVE/COPY requests where
the destination resource gives a 401. PR 15571. [Joe Orton]
- *) SECURITY: CAN-2003-0020 (cve.mitre.org)
+ *) SECURITY: CVE-2003-0020 (cve.mitre.org)
Escape arbitrary data before writing into the errorlog. Unescaped
errorlogs are still possible using the compile time switch
"-DAP_UNSAFE_ERROR_LOG_UNESCAPED". [Geoffrey Young, Andr� Malo]
@@ -1834,7 +1834,7 @@
Changes with Apache 2.0.43
- *) SECURITY [CAN-2002-0840]: HTML-escape the address produced by
+ *) SECURITY [CVE-2002-0840]: HTML-escape the address produced by
ap_server_signature() against this cross-site scripting
vulnerability exposed by the directive 'UseCanonicalName Off'.
Also HTML-escape the SERVER_NAME environment variable for CGI
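Review bot: The renamed tag on the + line, "SECURITY [CVE-2002-0840]:", carries no "(cve.mitre.org)" pointer, unlike the other four entries this patch touches. Adding it here would make the five entries uniform and tell the reader where the identifier is defined.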
@@ -1857,7 +1857,7 @@
could lead to an infinite loop. PR 12705
[Amund Elstad <amund.elstad ergo.no>, Jeff Trawick]
- *) SECURITY [CAN-2002-1156] (cve.mitre.org):
+ *) SECURITY [CVE-2002-1156] (cve.mitre.org):
Fix the exposure of CGI source when a POST request is sent to
a location where both DAV and CGI are enabled. [Ryan Bloom]
@@ -8819,7 +8819,7 @@
run-time configurable using the ExtendedStatus directive.
[Jim Jagielski]
- *) SECURITY [CAN-1999-1199] (cve.mitre.org):
+ *) SECURITY [CVE-1999-1199] (cve.mitre.org):
Eliminate O(n^2) space DoS attacks (and other O(n^2)
cpu time attacks) in header parsing. Add ap_overlap_tables(),
a function which can be used to perform bulk update operations
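Review bot: After the rename on the changed line, a search of CHANGES for the candidate name "CAN-1999-1199" no longer matches, and the same holds for the other four entries in this patch. A one-line note near the top of CHANGES saying that a CAN name and the CVE name with the same number refer to the same entry would keep the old identifiers findable for readers who arrive with one.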