Posted to cvs@httpd.apache.org by mj...@apache.org on 2005/08/30 13:19:44 UTC

svn commit: r264758 - /httpd/httpd/branches/2.0.x/CHANGES

Author: mjc
Date: Tue Aug 30 04:19:40 2005
New Revision: 264758

URL: http://svn.apache.org/viewcvs?rev=264758&view=rev
Log:
Go through the list of allocated CVE names for httpd related issues and
fix up CHANGES to match.  Still got four older issues in my queue to
add in here.

Modified:
    httpd/httpd/branches/2.0.x/CHANGES

Modified: httpd/httpd/branches/2.0.x/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/CHANGES?rev=264758&r1=264757&r2=264758&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.0.x/CHANGES [utf-8] Tue Aug 30 04:19:40 2005
@@ -16,7 +16,8 @@
      (or if it didn't succeed) for non-authoritative cases.
      [Jim Jagielski]
 
-  *) Fix cases where the byterange filter would buffer responses
+  *) SECURITY: CAN-2005-2728 (cve.mitre.org)
+     Fix cases where the byterange filter would buffer responses
      into memory.  PR 29962.  [Joe Orton]
 
   *) mod_proxy: Fix over-eager handling of '%' for reverse proxies.
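Review bot: the new SECURITY line for CAN-2005-2728 is followed by text that still reads as an ordinary bug fix ("Fix cases where the byterange filter would buffer responses into memory"), so the entry does not say why it is security-relevant. Consider adding a short clause naming the consequence of that buffering, the way the CAN-2005-2088 entry states what its change mitigates.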
@@ -33,7 +34,7 @@
 
   *) mod_ssl: Fix build with OpenSSL 0.9.8.  PR 35757.  [William Rowe]
 
-  *) SECURITY: CAN-2005-2088
+  *) SECURITY: CAN-2005-2088 (cve.mitre.org)
      core: If a request contains both Transfer-Encoding and Content-Length
      headers, remove the Content-Length, mitigating some HTTP Request 
      Splitting/Spoofing attacks.  [Paul Querna, Joe Orton]
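Review bot: the "(cve.mitre.org)" suffix added to the CAN-2005-2088 line gives only a hostname, so a reader still has to work out how to look the name up there. If the suffix is meant as a pointer, a one-line note near the top of CHANGES explaining the convention would do the job once instead of repeating it on every SECURITY entry. The context line ending "HTTP Request " also carries trailing whitespace that could be dropped while this entry is being touched.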
@@ -1247,7 +1248,8 @@
      names faulted the running OS2 worker process.  The fix is
      actually in APR 0.9.4.  [Brian Havard]
 
-  *) Forward port: Escape special characters (especially control
+  *) SECURITY: CAN-2003-0083 (cve.mitre.org)
+     Forward port: Escape special characters (especially control
      characters) in mod_log_config to make a clear distinction between
      client-supplied strings (with special characters) and server-side
      strings. This was already introduced in version 1.3.25.
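Review bot: with the SECURITY line for CAN-2003-0083 placed above "Forward port:", the affected module (mod_log_config) only appears mid-sentence. Consider leading the description with a component prefix, as the CAN-2005-2088 entry does with "core:", so that SECURITY entries can be scanned by component.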