From: Bill Stoddard Date: Fri, 19 Apr 2002 19:26:33 +0000 (+0000) Subject: Reference CVS id X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=01f7154f7c66beed670d1dacd39d306c8d9691f9;p=thirdparty%2Fapache%2Fhttpd.git Reference CVS id git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@94724 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/src/CHANGES b/src/CHANGES index 16b4a3e04eb..b1426f2e3b1 100644 --- a/src/CHANGES +++ b/src/CHANGES @@ -1023,7 +1023,7 @@ Changes with Apache 1.3.13 [not released] tree, and other minor MPE tweaks. [Mark Bixby ] - *) Tighten up the syntax checking of Host: headers to fix a + *) Security: Tighten up the syntax checking of Host: headers to fix a security bug in some mass virtual hosting configurations that can allow a remote attacker to retrieve some files on the system that should be inaccessible. [Tony Finch] @@ -1036,7 +1036,8 @@ Changes with Apache 1.3.13 [not released] SHA1 and plaintext password encodings. Make feature tests a bit more flexible. [William Rowe] - *) Fix a security problem that affects some configurations of + *) Security: CVE-2000-0913 + Fix a security problem that affects some configurations of mod_rewrite. If the result of a RewriteRule is a filename that contains expansion specifiers, especially regexp backreferences $0..$9 and %0..%9, then it may have been possible for an attacker
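Review bot: In the first src/CHANGES hunk (@@ -1023,7 +1023,7 @@), the Host: header entry gains only a "Security:" label and no identifier, although the commit subject says the change references an id and the other hunk attaches CVE-2000-0913 to the mod_rewrite entry. If an identifier has been assigned for the Host: header issue, add it here in the same form; if none exists, say so in the commit message so the omission reads as deliberate. The new label also makes the entry read "Security: Tighten up ... to fix a security bug"; dropping the word "security" from the unchanged continuation line would remove the repetition.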
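Review bot: In the second src/CHANGES hunk (@@ -1036,7 +1036,8 @@), the label sits on its own line as "*) Security: CVE-2000-0913" with the description starting on the next line, whereas the Host: header entry in the earlier hunk keeps "Security:" on the same line as its description. Pick one layout for both entries, for example "*) Security: CVE-2000-0913: Fix a security problem that affects ...", so that a search of CHANGES for "Security:" returns entries of the same shape. The commit subject says "CVS id" while the line added here is a CVE identifier, so the subject should read "Reference CVE id".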