Posted to cvs@httpd.apache.org by st...@apache.org on 2002/04/19 20:37:05 UTC

cvs commit: apache-1.3/src CHANGES

stoddard    02/04/19 11:37:05

  Modified:    src      CHANGES
  Log:
  Flag this a bit more clearly as a security issue...
  
  Revision  Changes    Path
  1.1808    +2 -1      apache-1.3/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/CHANGES,v
  retrieving revision 1.1807
  retrieving revision 1.1808
  diff -u -r1.1807 -r1.1808
  --- CHANGES	19 Apr 2002 11:15:18 -0000	1.1807
  +++ CHANGES	19 Apr 2002 18:37:05 -0000	1.1808
  @@ -34,7 +34,8 @@
     *) Fixed a segfault in mod_include when #if, #elif, #else, or #endif
        directives were improperly terminated.  [Cliff Woolley]
   
  -  *) Introduce proper escaping of command.com and cmd.exe for Win32.
  +  *) Win32 Security: CAN-2002-0061
  +     Introduce proper escaping of command.com and cmd.exe for Win32.
        These patches close vulnerability CAN-2002-0061, identified and
        reported by Ory Segal <or...@sanctuminc>, by which any CGI
        invocation of .bat or .cmd files could compromise the system
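
Review bot: The added heading line "Win32 Security: CAN-2002-0061" repeats the identifier, because the unchanged sentence two lines below still says "These patches close vulnerability CAN-2002-0061", so the entry now names the candidate twice within four lines. Keeping the identifier in the heading, where a reader scanning CHANGES will look for it, and shortening the following sentence to "These patches close the vulnerability, identified and reported by ..." would read more cleanly. The heading also says only "Security" while the impact is stated further down ("could compromise the system"); if the goal of the commit is to flag the issue more clearly, a short impact phrase on the heading line itself would serve that better than the identifier alone.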