diff options
| author | Ruediger Pluem <rpluem@apache.org> | 2006-11-18 23:20:25 +0100 |
|---|---|---|
| committer | Ruediger Pluem <rpluem@apache.org> | 2006-11-18 23:20:25 +0100 |
| commit | 7a16eaa47bf5a844a5579da4fa4692c03ca1215b (patch) | |
| tree | 0b06cba55f89565cf37405dd4d7d0f8aec83b3e0 /CHANGES | |
| parent | * Use the query string stored in r->parsed_uri.query instead of r->args (diff) | |
| download | apache2-7a16eaa47bf5a844a5579da4fa4692c03ca1215b.tar.xz apache2-7a16eaa47bf5a844a5579da4fa4692c03ca1215b.zip | |
* CVE-2006-3747 was the main reason to release 2.2.3. So place the changelog
entry where it belongs.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@476628 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to '')
| -rw-r--r-- | CHANGES | 18 |
1 files changed, 9 insertions, 9 deletions
@@ -30,8 +30,8 @@ Changes with Apache 2.3.0 AcceptMutex directive now takes an optional lockfile location parameter, ala SSLMutex. [Jim Jagielski] - *) Fix address-in-use startup failure caused by corruption of the list of - listen sockets in some configurations with multiple generic Listen + *) Fix address-in-use startup failure caused by corruption of the list of + listen sockets in some configurations with multiple generic Listen directives. [Jeff Trawick] *) mod_authn_dbd: Export any additional columns queried in the SQL select @@ -73,7 +73,7 @@ Changes with Apache 2.3.0 *) mod_rewrite: support rewritemap by SQL query [Nick Kew] *) Fix issue which could cause piped loggers to be orphaned and never - terminate after a graceful restart. PR 40651. [Joe Orton, + terminate after a graceful restart. PR 40651. [Joe Orton, Ruediger Pluem] *) mod_headers: support regexp-based editing of HTTP headers [Nick Kew] @@ -125,12 +125,6 @@ Changes with Apache 2.3.0 his value is defined as 258, thus limiting the MaxThreads to that value. [Mladen Turk] - *) SECURITY: CVE-2006-3747 (cve.mitre.org) - mod_rewrite: Fix an off-by-one security problem in the ldap scheme - handling. For some RewriteRules this could lead to a pointer being - written out of bounds. Reported by Mark Dowd of McAfee. - [Mark Cox] - *) mod_cache: While serving a cached entity ensure that filters that have been applied to this cached entity before saving it to the cache are not applied again. PR 40090. [Ruediger Pluem] @@ -345,6 +339,12 @@ Changes with Apache 2.2.4 Changes with Apache 2.2.3 + *) SECURITY: CVE-2006-3747 (cve.mitre.org) + mod_rewrite: Fix an off-by-one security problem in the ldap scheme + handling. For some RewriteRules this could lead to a pointer being + written out of bounds. Reported by Mark Dowd of McAfee. + [Mark Cox] + *) mod_authn_alias: Add a check to make sure that the base provider and the alias names are different and also that the alias has not been registered before. PR 40051. [Brad Nicholes] |