You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by wr...@apache.org on 2006/07/28 05:56:07 UTC

svn commit: r426374 - in /httpd/httpd/dist: Announcement2.2.html Announcement2.2.txt

Author: wrowe
Date: Thu Jul 27 20:56:07 2006
New Revision: 426374

URL: http://svn.apache.org/viewvc?rev=426374&view=rev
Log:

  Nice catch Noodl, no 1.3.38 here - and a grammer fix plus reflow for tomorrow.

Modified:
    httpd/httpd/dist/Announcement2.2.html
    httpd/httpd/dist/Announcement2.2.txt

Modified: httpd/httpd/dist/Announcement2.2.html
URL: http://svn.apache.org/viewvc/httpd/httpd/dist/Announcement2.2.html?rev=426374&r1=426373&r2=426374&view=diff
==============================================================================
--- httpd/httpd/dist/Announcement2.2.html (original)
+++ httpd/httpd/dist/Announcement2.2.html Thu Jul 27 20:56:07 2006
@@ -26,19 +26,19 @@
 <p>This version of Apache is principally a bug and security fix release.
    The following potential security flaws are addressed;</p>
 
-<p><a
- href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747">CVE-2006-3747:</a>
+<p><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747"
+     >CVE-2006-3747:</a>
 An off-by-one flaw exists in the Rewrite module, mod_rewrite,
 as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0.
 </p>
 
-<p>Depending on the manner in which Apache HTTP Server was compiled, this software
-defect may result in a vulnerability which, in combination with certain types of
-Rewrite rules in the web server configuration files, could be triggered
-remotely.  For vulnerable builds, the nature of the vulnerability can be denial
-of service (crashing of web server processes) or potentially allow arbitrary
-code execution.  This issue has been rated as having important security impact
-by the Apache HTTP Server Security Team.</p>
+<p>Depending on the manner in which Apache HTTP Server was compiled, this 
+software defect may result in a vulnerability which, in combination with 
+certain types of Rewrite rules in the web server configuration files, could 
+be triggered remotely.  For vulnerable builds, the nature of the vulnerability 
+can be denial of service (crashing of web server processes) or potentially 
+allow arbitrary code execution.  This issue has been rated as having important 
+security impact by the Apache HTTP Server Security Team.</p>
 
 <p>This flaw does not affect a default installation of Apache HTTP Server.
 Users who do not use, or have not enabled, the Rewrite module mod_rewrite are
@@ -70,7 +70,8 @@
 <dl>
 <dd>
 <a
-href="http://www.kb.cert.org/vuls/id/395412">http://www.kb.cert.org/vuls/id/395412</a>
+href="http://www.kb.cert.org/vuls/id/395412"
+     >http://www.kb.cert.org/vuls/id/395412</a>
 </dd></dl>
 
 <p>The Apache HTTP Server project thanks Mark Dowd of McAfee Avert Labs for the
@@ -83,7 +84,8 @@
 
 <p>Apache HTTP Server 2.2.3 is available for download from:</p>
 <dl>
-  <dd><a href="http://httpd.apache.org/download.cgi">http://httpd.apache.org/download.cgi</a></dd>
+  <dd><a href="http://httpd.apache.org/download.cgi"
+              >http://httpd.apache.org/download.cgi</a></dd>
 </dl>
 
 <p>
@@ -103,30 +105,28 @@
 </p>
 
 <p>
-Apache HTTP Server 1.3.38 and 2.0.59 legacy releases are also available
+Apache HTTP Server 1.3.37 and 2.0.59 legacy releases are also available
 with this security fix.  See the appropriate CHANGES from the url above.
-The Apache HTTP Project developers strongly encourages all users to
+The Apache HTTP Project developers strongly encourage all users to
 migrate to Apache 2.2, as only limited maintenance is performed on these
 legacy versions.
 </p>
 
-<p>
-This release includes the <a href="http://apr.apache.org/">Apache Portable Runtime</a>
- (APR) version 1.2.7
+<p>This release includes the <a href="http://apr.apache.org/"
+>Apache Portable Runtime</a> (APR) version 1.2.7
 bundled with the tar and zip distributions.  The APR libraries libapr,
 libaprutil, and (on Win32) libapriconv must all be updated to ensure
 binary compatibility and address many known platform bugs.
 </p>
 
-<p>
-This release
-builds on and extends the Apache 2.0 API. Modules written for Apache 2.0
-will need to be recompiled in order to run with Apache 2.2, but no
-substantial reworking should be necessary.
+<p>This release builds on and extends the Apache 2.0 API. Modules written 
+for Apache 2.0 will need to be recompiled in order to run with Apache 2.2, 
+but no substantial reworking should be necessary.
 </p>
 <dl>
-  <dd><a href="http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/VERSIONING">
-http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/VERSIONING</a></dd>
+  <dd><a 
+href="http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/VERSIONING"
+> http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/VERSIONING</a></dd>
 </dl>
 
 <p>

Modified: httpd/httpd/dist/Announcement2.2.txt
URL: http://svn.apache.org/viewvc/httpd/httpd/dist/Announcement2.2.txt?rev=426374&r1=426373&r2=426374&view=diff
==============================================================================
--- httpd/httpd/dist/Announcement2.2.txt (original)
+++ httpd/httpd/dist/Announcement2.2.txt Thu Jul 27 20:56:07 2006
@@ -47,7 +47,7 @@
    provider of their web server. Statements from vendors can be obtained from
    the US-CERT vulnerability note for this issue at:
 
-           http://www.kb.cert.org/vuls/id/395412
+     http://www.kb.cert.org/vuls/id/395412
 
    The Apache HTTP Server project thanks Mark Dowd of McAfee Avert Labs for
    the responsible reporting of this vulnerability.
@@ -57,20 +57,20 @@
 
    Apache HTTP Server 2.2.3 is available for download from:
 
-           http://httpd.apache.org/download.cgi
+     http://httpd.apache.org/download.cgi
 
    Apache 2.2 offers numerous enhancements, improvements, and performance
    boosts over the 2.0 codebase. For an overview of new features introduced
    since 2.0 please see:
 
-           http://httpd.apache.org/docs/2.2/new_features_2_2.html
+     http://httpd.apache.org/docs/2.2/new_features_2_2.html
 
    Please see the CHANGES_2.2 file, linked from the download page, for a full
    list of changes.
 
-   Apache HTTP Server 1.3.38 and 2.0.59 legacy releases are also available
+   Apache HTTP Server 1.3.37 and 2.0.59 legacy releases are also available
    with this security fix. See the appropriate CHANGES from the url above.
-   The Apache HTTP Project developers strongly encourages all users to
+   The Apache HTTP Project developers strongly encourage all users to
    migrate to Apache 2.2, as only limited maintenance is performed on these
    legacy versions.
 
@@ -83,7 +83,7 @@
    Apache 2.0 will need to be recompiled in order to run with Apache 2.2, but
    no substantial reworking should be necessary.
 
-           http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/VERSIONING
+     http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/VERSIONING
 
    When upgrading or installing this version of Apache, please bear in mind
    that if you intend to use Apache with one of the threaded MPMs, you must