Give the average user some chance of figuring out whether

the nonce issue affects them.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@103555 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/Announcement b/Announcement
index 515aae1c11025565c65d89d1eeb9d2d8b81cb7d4..7140a0ace743e4c663d324653b6dfe991f22cea0 100644 (file)
--- a/Announcement
+++ b/Announcement
@@ -18,8 +18,9 @@
    security issues:
 
      o CAN-2003-0987 (cve.mitre.org)
-       Verification as to whether the nonce returned in the client response
-       is one we issued ourselves.
+       In mod_digest, verify whether the nonce returned in the client 
+       response is one we issued ourselves.  This problem does not affect
+       mod_auth_digest.
 
      o CAN-2003-0020 (cve.mitre.org)
        Escape arbitrary data before writing into the errorlog.
@@ -94,8 +95,9 @@
   Security vulnerabilities
 
      * CAN-2003-0987 (cve.mitre.org)
-       Verification as to whether the nonce returned in the client response
-       is one we issued ourselves.
+       In mod_digest, verify whether the nonce returned in the client 
+       response is one we issued ourselves.  This problem does not affect
+       mod_auth_digest.
 
      * CAN-2003-0020 (cve.mitre.org)
        Escape arbitrary data before writing into the errorlog.