Posted to dev@tomcat.apache.org by jf...@apache.org on 2007/03/02 16:27:47 UTC
svn commit: r513808 - /tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml
Author: jfclere
Date: Fri Mar 2 07:27:47 2007
New Revision: 513808
URL: http://svn.apache.org/viewvc?view=rev&rev=513808
Log:
Add latest idem from 1.2.21
Modified:
tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml
Modified: tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml?view=diff&rev=513808&r1=513807&r2=513808
==============================================================================
--- tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml Fri Mar 2 07:27:47 2007
@@ -29,6 +29,17 @@
<br />
<subsection name="Native">
<changelog>
+ <fix>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0774"><b>CVE-2007-0774</b></a>
+ : Fix a buffer overflow in map_uri_to_worker().
+ URL longer that 4095 were crashing mod_jk.
+ This could have allow different kind of attacks. Reported by ZDI.
+ Please note this issue only affected versions 1.2.19 and 1.2.20 of the
+ Apache Tomcat JK Web Server Connector and not previous versions.
+ Tomcat 5.5.20 and Tomcat 4.1.34
+ included a vulnerable version in their source packages.
+ Other versions of Tomcat were not affected.
+ </fix>
<add>
Check the worker. parameters and don't start if the parameter is not a valid one. (jfclere)
</add>
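Review bot: the wording of the new <fix> entry needs a pass before it goes out as the security note for CVE-2007-0774. "URL longer that 4095" should read "URLs longer than 4095" and should state the unit (bytes or characters), so readers can tell which requests hit the overflow in map_uri_to_worker(). "This could have allow different kind of attacks" is ungrammatical and too vague for an advisory line; either name the impact class or keep the text to the crash the entry already describes. The ": Fix a buffer overflow" line starts on its own line after the closing </a>, which renders as a space before the colon, so put the colon directly after the closing tag. The neighbouring <add> entry ends with a committer tag "(jfclere)" and this entry has none; add one if that is the file's convention.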