You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by wr...@apache.org on 2005/10/13 23:04:59 UTC

svn commit: r320919 - in /httpd/site/trunk/xdocs: download.xml index.xml

Author: wrowe
Date: Thu Oct 13 14:04:58 2005
New Revision: 320919

URL: http://svn.apache.org/viewcvs?rev=320919&view=rev
Log:

  Revert the .34 bump, for a minute, while I fix the URL of the
  Announcement2.1-beta.html file (tagged -beta to avoid user
  confusion as they browse Announcement files.)

Modified:
    httpd/site/trunk/xdocs/download.xml
    httpd/site/trunk/xdocs/index.xml

Modified: httpd/site/trunk/xdocs/download.xml
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/xdocs/download.xml?rev=320919&r1=320918&r2=320919&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/download.xml (original)
+++ httpd/site/trunk/xdocs/download.xml Thu Oct 13 14:04:58 2005
@@ -105,7 +105,7 @@
 2.1.8-beta is also available</title>
 
 <p>For details see the <a
-   href="http://www.apache.org/dist/httpd/Announcement2.1.html">Official
+   href="http://www.apache.org/dist/httpd/Announcement2.1-beta.html">Official
    Announcement</a> and the <a
    href="[preferred]/httpd/CHANGES_2.1">CHANGES_2.1</a> list.</p>
 
@@ -131,9 +131,9 @@
 
 </section>
 
-<section id="apache13"><title>Apache 1.3.34 is also available</title>
+<section id="apache13"><title>Apache 1.3.33 is also available</title>
 
-<p>Apache 1.3.34 is the best available version of the 1.3 series, and
+<p>Apache 1.3.33 is the best available version of the 1.3 series, and
 is recommended over all previous 1.3 releases.  This release adds several
 enhancements, fixes a number of bugs and addresses 2 security issues described in
 <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0940">CAN-2004-0940 (cve.mitre.org)</a> and
@@ -150,29 +150,29 @@
 in preference to 2.0, although important new features and
 enhancements will be seriously considered for inclusion in 1.3.</p>
 
-<p>Use the Apache 1.3.34 version if you need to use third party
+<p>Use the Apache 1.3.33 version if you need to use third party
 modules that are not yet available as an Apache 2.0 module.  Apache
 1.3 is not compatibile with Apache 2.0 modules.</p>
 
 <ul>
 <li>Unix Source: <a
-href="[preferred]/httpd/apache_1.3.34.tar.gz">apache_1.3.34.tar.gz</a>
+href="[preferred]/httpd/apache_1.3.33.tar.gz">apache_1.3.33.tar.gz</a>
 [<a
-href="http://www.apache.org/dist/httpd/apache_1.3.34.tar.gz.asc">PGP</a>] [<a
-href="http://www.apache.org/dist/httpd/apache_1.3.34.tar.gz.md5">MD5</a>]</li>
+href="http://www.apache.org/dist/httpd/apache_1.3.33.tar.gz.asc">PGP</a>] [<a
+href="http://www.apache.org/dist/httpd/apache_1.3.33.tar.gz.md5">MD5</a>]</li>
 
 <li>Unix Source: <a
-href="[preferred]/httpd/apache_1.3.34.tar.Z">apache_1.3.34.tar.Z</a>
+href="[preferred]/httpd/apache_1.3.33.tar.Z">apache_1.3.33.tar.Z</a>
 [<a
-href="http://www.apache.org/dist/httpd/apache_1.3.34.tar.Z.asc">PGP</a>] [<a
-href="http://www.apache.org/dist/httpd/apache_1.3.34.tar.Z.md5">MD5</a>]</li>
+href="http://www.apache.org/dist/httpd/apache_1.3.33.tar.Z.asc">PGP</a>] [<a
+href="http://www.apache.org/dist/httpd/apache_1.3.33.tar.Z.md5">MD5</a>]</li>
 
 <li>Win32 Binary (Self extracting): <a
-href="[preferred]/httpd/binaries/win32/apache_1.3.34-win32-x86-no_src.exe"
->apache_1.3.34-win32-x86-no_src.exe</a> [<a
-href="http://www.apache.org/dist/httpd/binaries/win32/apache_1.3.34-win32-x86-no_src.exe.asc">PGP</a>]
+href="[preferred]/httpd/binaries/win32/apache_1.3.33-win32-x86-no_src.exe"
+>apache_1.3.33-win32-x86-no_src.exe</a> [<a
+href="http://www.apache.org/dist/httpd/binaries/win32/apache_1.3.33-win32-x86-no_src.exe.asc">PGP</a>]
 [<a
-href="http://www.apache.org/dist/httpd/binaries/win32/apache_1.3.34-win32-x86-no_src.exe.md5">MD5</a>]</li>
+href="http://www.apache.org/dist/httpd/binaries/win32/apache_1.3.33-win32-x86-no_src.exe.md5">MD5</a>]</li>
 
 <li><a href="[preferred]/httpd/">Other files</a></li>
 </ul>

Modified: httpd/site/trunk/xdocs/index.xml
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/xdocs/index.xml?rev=320919&r1=320918&r2=320919&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/index.xml (original)
+++ httpd/site/trunk/xdocs/index.xml Thu Oct 13 14:04:58 2005
@@ -63,8 +63,8 @@
 <title>Apache 2.1.8-beta Released</title>
 
 <p>The Apache HTTP Server Project is proud to <a
-href="http://www.apache.org/dist/httpd/Announcement2.1.html">announce</a> the
-release of version 2.1.8-beta of the Apache HTTP Server ("Apache").</p>
+href="http://www.apache.org/dist/httpd/Announcement2.1-beta.html">announce</a>
+the release of version 2.1.8-beta of the Apache HTTP Server ("Apache").</p>
 
 <p>This version of Apache is a Beta release of the unstable development
    branch. <a href="docs/2.1/new_features_2_2.html">New features</a> include
@@ -80,22 +80,23 @@
 
 </section>
 
-<section id="1.3.34">
-<title>Apache 1.3.34 Released</title>
+<section id="1.3.33">
+<title>Apache 1.3.33 Released</title>
 
 <p>The Apache Group is pleased to announce the
    <a href="http://www.apache.org/dist/httpd/Announcement1.3.html"
-      >legacy release of the 1.3.34 version of the Apache HTTP Server</a>.
+      >legacy release of the 1.3.33 version of the Apache HTTP Server</a>.
 </p>
 
-<p>This version of Apache is principally a security and bug fix release.
-   Of particular note is that 1.3.34 addresses the following security issue:</p>
+<p>This version of Apache is principally a security and bug fix
+release.  Of particular note is that 1.3.33 addresses and fixes the
+following 2 security related issues:</p>
 
-<dl>
-<dd>If a request contains both Transfer-Encoding and Content-Length headers,
-    remove the Content-Length, mitigating some HTTP Request Splitting/Spoofing
-    attacks.</dd>
-</dl>
+<p>Fix potential buffer overflow with escaped characters in SSI tag string.<br./>
+       <code>[<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0940">CAN-2004-0940 (cve.mitre.org)</a>]</code></p>
+
+<p>Reject responses from a remote server if sent an invalid (negative) Content-Length.<br./>
+       <code>[<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492">CAN-2004-0492 (cve.mitre.org)</a>]</code></p>
 
 <p>For further details, see the 
    <a href="http://www.apache.org/dist/httpd/Announcement1.3.html"
@@ -105,7 +106,7 @@
 <a href="download.cgi">Download</a> | 
 <a href="docs/1.3/windows.html">Apache for Win32</a> |
 <a href="docs/1.3/new_features_1_3.html">New Features in Apache 1.3</a> |
-<a href="http://www.apache.org/dist/httpd/CHANGES_1.3">ChangeLog for 1.3.34</a>
+<a href="http://www.apache.org/dist/httpd/CHANGES_1.3">ChangeLog for 1.3.33</a>
 </p>
 </section>