Flag this a bit more clearly as a security issue...

author Bill Stoddard <stoddard@apache.org>

Fri, 19 Apr 2002 18:37:05 +0000 (18:37 +0000)

committer Bill Stoddard <stoddard@apache.org>

Fri, 19 Apr 2002 18:37:05 +0000 (18:37 +0000)
author Bill Stoddard <stoddard@apache.org>
Fri, 19 Apr 2002 18:37:05 +0000 (18:37 +0000)
committer Bill Stoddard <stoddard@apache.org>
Fri, 19 Apr 2002 18:37:05 +0000 (18:37 +0000)
diff --git a/src/CHANGES b/src/CHANGES

index eada8612136442e86f70043aa536f1a000926840..9d61ac9ea38732453e37bbb39a02d1277428603f 100644 (file)
--- a/src/CHANGES
+++ b/src/CHANGES
@@ -34,7 +34,8 @@ Changes with Apache 1.3.24
    *) Fixed a segfault in mod_include when #if, #elif, #else, or #endif
       directives were improperly terminated.  [Cliff Woolley]
  
-  *) Introduce proper escaping of command.com and cmd.exe for Win32.
+  *) Win32 Security: CAN-2002-0061
+     Introduce proper escaping of command.com and cmd.exe for Win32.
       These patches close vulnerability CAN-2002-0061, identified and
       reported by Ory Segal <ory.segal@sanctuminc>, by which any CGI
       invocation of .bat or .cmd files could compromise the system
author	Bill Stoddard <stoddard@apache.org>
	Fri, 19 Apr 2002 18:37:05 +0000 (18:37 +0000)
committer	Bill Stoddard <stoddard@apache.org>
	Fri, 19 Apr 2002 18:37:05 +0000 (18:37 +0000)