You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by ma...@hyperreal.org on 1998/03/05 23:54:32 UTC

cvs commit: apache-1.2/src CHANGES

marc        98/03/05 14:54:32

  Modified:    src      Tag: APACHE_1_2_X CHANGES
  Log:
  Add UserDir bug to CHANGES.
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.286.2.77 +5 -0      apache-1.2/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /export/home/cvs/apache-1.2/src/CHANGES,v
  retrieving revision 1.286.2.76
  retrieving revision 1.286.2.77
  diff -u -r1.286.2.76 -r1.286.2.77
  --- CHANGES	1998/01/28 10:09:25	1.286.2.76
  +++ CHANGES	1998/03/05 22:54:30	1.286.2.77
  @@ -1,5 +1,10 @@
   Changes with Apache 1.2.6
   
  +  *) SECURITY: "UserDir /abspath" without a * in the path would allow
  +     remote users to access "/~.." and bypass access restrictions
  +     (but note /~../.. was handled properly).
  +     [Lauri Jesmin <je...@ut.ee>] PR#1701
  +
     *) SIGURG doesn't exist on all platforms.
        [Mark Andrew Heinrich <he...@tinderbox.Stanford.EDU>]