Preload 1.3.33 Announcement

PR:
Obtained from:
Submitted by:
Reviewed by:

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@105548 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/Announcement b/Announcement
index 74f3f85e1dff16f590a256c09e788e4cc8b36611..1c2cdc64dd58040753752fcd31aee2823608b72d 100644 (file)
--- a/Announcement
+++ b/Announcement
@@ -1,11 +1,11 @@
 
-                   Apache HTTP Server 1.3.32 Released
+                   Apache HTTP Server 1.3.33 Released
 
    The Apache Software Foundation and The Apache HTTP Server Project are
-   pleased to announce the release of version 1.3.32 of the Apache HTTP
+   pleased to announce the release of version 1.3.33 of the Apache HTTP
    Server ("Apache").  This Announcement notes the significant changes
-   in 1.3.32 as compared to 1.3.31.  The Announcement is also available
-   in German, Spanish and Japanese from:
+   in 1.3.33 as compared to 1.3.31 (1.3.32 was not released).  The
+   Announcement is also available in German, Spanish and Japanese from:
 
         http://www.apache.org/dist/httpd/Announcement.html.de
         http://www.apache.org/dist/httpd/Announcement.html.es
@@ -14,19 +14,23 @@
    This version of Apache is principally a bug and security fix release.
    A partial summary of the bug fixes is given at the end of this document.
    A full listing of changes can be found in the CHANGES file.  Of
-   particular note is that 1.3.32 addresses and fixes 1 potential
-   security issue:
+   particular note is that 1.3.33 addresses and fixes 2 potential
+   security issues:
+
+     o CAN-2004-0940 (cve.mitre.org)
+       Fix potential buffer overflow with escaped characters in
+       SSI tag string.
 
      o CAN-2004-0492 (cve.mitre.org)
        Reject responses from a remote server if sent an invalid
        (negative) Content-Length.
 
-   We consider Apache 1.3.32 to be the best version of Apache 1.3 available
+   We consider Apache 1.3.33 to be the best version of Apache 1.3 available
    and we strongly recommend that users of older versions, especially of
    the 1.1.x and 1.2.x family, upgrade as soon as possible.  No further
    releases will be made in the 1.2.x family.
 
-   Apache 1.3.32 is available for download from:
+   Apache 1.3.33 is available for download from:
    
        http://httpd.apache.org/download.cgi
 
@@ -75,10 +79,14 @@
    Apache 2.0 for better performance, stability and security on their
    platforms.
 
-                     Apache 1.3.32 Major changes
+                     Apache 1.3.33 Major changes
 
   Security vulnerabilities
 
+     * CAN-2004-0940 (cve.mitre.org)
+       Fix potential buffer overflow with escaped characters in
+       SSI tag string.
+
      * CAN-2004-0492 (cve.mitre.org)
        Reject responses from a remote server if sent an invalid
        (negative) Content-Length.
@@ -102,7 +110,7 @@
   Bugs fixed
 
    The following noteworthy bugs were found in Apache 1.3.31 (or earlier)
-   and have been fixed in Apache 1.3.32:
+   and have been fixed in Apache 1.3.33:
 
      * mod_rewrite: Fix query string handling for proxied URLs. PR 14518.