Posted to dev@tomcat.apache.org by rj...@apache.org on 2009/04/16 17:34:20 UTC

svn commit: r765667 - /tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml

Author: rjung
Date: Thu Apr 16 15:34:20 2009
New Revision: 765667

URL: http://svn.apache.org/viewvc?rev=765667&view=rev
Log:
Add all disclosed CVEs for mod_jk to changelog.

Modified:
    tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml

Modified: tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml?rev=765667&r1=765666&r2=765667&view=diff
==============================================================================
--- tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml Thu Apr 16 15:34:20 2009
@@ -246,7 +246,9 @@
         connection timeout but higher operational timeouts. (mturk)
       </add>
       <fix>
-        AJP13: Always send initial POST packet even if the client
+        AJP13: 
+        [<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5519"><b>CVE-2008-5519</b></a>]
+        Always send initial POST packet even if the client
         disconnected after sending request but before providing
         POST data. In that case or in case the client broke the
         connection in a middle of read send an zero size packet
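Review bot: the AJP13 entry now carries the CVE-2008-5519 tag but still reads as a plain behaviour fix; nothing in it tells an administrator what the exposure was or why the upgrade matters. Suggest one sentence on impact right after the tag. Two smaller points on the added lines: `AJP13: ` appears to end in a trailing space, and the tag has no colon after the closing bracket, while the CVE-2007-0774 and CVE-2007-0450/CVE-2007-1860 entries in this same commit use `]:`. Pick one form for all tagged entries.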
@@ -806,6 +808,9 @@
   <subsection name="Native">
     <changelog>
       <update>
+      [<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450"><b>CVE-2007-0450</b></a>]
+      and
+      [<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1860"><b>CVE-2007-1860</b></a>]:
       Change the default value of JkOptions to ForwardURICompatUnparsed.
       The old default value was ForwardURICompat.
       This should make URL interpretation between Apache httpd and
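Review bot: with both CVE tags heading this `<update>`, the entry reads as the remedy for CVE-2007-0450 and CVE-2007-1860, yet it only describes a changed default (`ForwardURICompat` to `ForwardURICompatUnparsed`). A configuration that sets `JkOptions ForwardURICompat` explicitly keeps the old behaviour after upgrading, so unless the text below this context already says so, add a sentence telling readers to check for an explicit setting. It would also help to say which part of the change addresses which of the two CVEs, since "and" on its own line gives no hint.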
@@ -936,8 +941,8 @@
   <subsection name="Native">
     <changelog>
       <fix>
-        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0774"><b>CVE-2007-0774</b></a>
-        : A denial of service and critical remote code execution vulnerability.
+        [<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0774"><b>CVE-2007-0774</b></a>]:
+        A denial of service and critical remote code execution vulnerability.
         Caused by buffer overflow in map_uri_to_worker() when URL were longer that 4095 bytes.
         Reported by ZDI (www.zerodayintiative.com).
         Please note this issue only affected versions 1.2.19 and 1.2.20 of the
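Review bot: the two lines directly under the reformatted CVE-2007-0774 tag still carry typos that this commit could fix while it is touching the entry: "when URL were longer that 4095 bytes" should read "when URLs were longer than 4095 bytes", and the reporter's host is misspelled as `www.zerodayintiative.com` (missing the "i" in "initiative"), which makes the credit point at the wrong name. Since this is the entry people will search for when triaging a remote code execution issue, the affected-length condition in particular should be unambiguous.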
@@ -1511,7 +1516,9 @@
       snprintf functions. (mturk)
       </fix>
       <fix>
-      <bug>38859</bug>: Protect mod_jk against buggy or malicious
+      <bug>38859</bug>:
+      [<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7197"><b>CVE-2006-7197</b></a>]
+      Protect mod_jk against buggy or malicious
       AJP servers in the backend. Patch provided by Ruediger Pluem. (mturk)
       </fix>
       <fix>
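Review bot: in the bug 38859 entry the colon now sits between `<bug>38859</bug>` and the CVE-2006-7197 tag, so the tag becomes the first word of the description instead of part of the label; the CVE-2007-0774 entry in this commit puts the colon after the bracket. Suggest a single label form such as `<bug>38859</bug>, [CVE-2006-7197]:` so tagged entries can be scanned or grepped consistently. The description "Protect mod_jk against buggy or malicious AJP servers in the backend" also gives no affected version range, unlike the CVE-2007-0774 entry, which names versions 1.2.19 and 1.2.20; consider adding one here.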


