Posted to dev@tomcat.apache.org by jf...@apache.org on 2007/03/03 01:38:30 UTC

svn commit: r514031 - /tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml

Author: jfclere
Date: Fri Mar  2 16:38:29 2007
New Revision: 514031

URL: http://svn.apache.org/viewvc?view=rev&rev=514031
Log:
Arrange the explanation.

Modified:
    tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml

Modified: tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml?view=diff&rev=514031&r1=514030&r2=514031
==============================================================================
--- tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml Fri Mar  2 16:38:29 2007
@@ -22,18 +22,15 @@
   new documentation project for JK was started.
   </p>
 </section>
-<section name="Changes between 1.2.21 and 1.2.22">
-  <br />
-</section>
 <section name="Changes between 1.2.20 and 1.2.21">
   <br />
   <subsection name="Native">
     <changelog>
       <fix>
         <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0774"><b>CVE-2007-0774</b></a>
-        : Fix a buffer overflow in map_uri_to_worker().
-        URL longer that 4095 were crashing mod_jk.
-        This could have allow different kind of attacks. Reported by ZDI.
+        : A denial of service and critical remote code execution vulnerability.
+        Caused by buffer overflow in map_uri_to_worker() when URL were longer that 4095 bytes.
+        Reported by ZDI (www.zerodayintiative.com).
         Please note this issue only affected versions 1.2.19 and 1.2.20 of the
         Apache Tomcat JK Web Server Connector and not previous versions.
         Tomcat 5.5.20 and Tomcat 4.1.34
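
Review bot: The added credit line "Reported by ZDI (www.zerodayintiative.com)." misspells the domain (it should read zerodayinitiative), so a reader following the credit lands on the wrong host. The line above it, "when URL were longer that 4095 bytes", should read "when URLs were longer than 4095 bytes". The reworded entry also no longer says the overflow in map_uri_to_worker() was fixed, which the removed "Fix a buffer overflow" line did; keep that verb so the entry reads as a fix and not only as a description of the vulnerability. Finally, the hunk deletes the empty "Changes between 1.2.21 and 1.2.22" section, which the log message does not mention; confirm that removal is intended.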


