We can talk about this issue now

author Mark J. Cox <mjc@apache.org>

Tue, 3 Jun 2003 10:38:14 +0000 (10:38 +0000)

committer Mark J. Cox <mjc@apache.org>

Tue, 3 Jun 2003 10:38:14 +0000 (10:38 +0000)
author Mark J. Cox <mjc@apache.org>
Tue, 3 Jun 2003 10:38:14 +0000 (10:38 +0000)
committer Mark J. Cox <mjc@apache.org>
Tue, 3 Jun 2003 10:38:14 +0000 (10:38 +0000)
diff --git a/CHANGES b/CHANGES

index b6cdbbeeebbee20beb7174a7780d241fd9887ad4..c3de2b030e8acbf6bc40606cbfcdba2fa08b8c7d 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -9,12 +9,11 @@ Changes with Apache 2.0.47
  
  Changes with Apache 2.0.46
  
-  *) SECURITY [CAN-2003-0245]: Fixed a bug that could be triggered
-     remotely through mod_dav and possibly other mechanisms, causing
-     an Apache child process to crash.  The crash was first reported
-     by David Endler <DEndler@iDefense.com> and was researched and
-     fixed by Joe Orton <jorton@redhat.com>.  Details will be released
-     on 30 May 2003.
+  *) SECURITY [CAN-2003-0245]: Fixed a bug causing apr_pvsprintf() to crash 
+     by sending an overly long string.  This can be triggered remotely 
+     through mod_dav, mod_ssl, and other mechanisms.  Reported by David
+     Endler <DEndler@iDefense.com>.
+     [Joe Orton <jorton@redhat.com>]
  
    *) SECURITY [CAN-2003-0189]: Fixed a denial-of-service vulnerability
       affecting basic authentication on Unix platforms related to
author	Mark J. Cox <mjc@apache.org>
	Tue, 3 Jun 2003 10:38:14 +0000 (10:38 +0000)
committer	Mark J. Cox <mjc@apache.org>
	Tue, 3 Jun 2003 10:38:14 +0000 (10:38 +0000)