From: Mark J. Cox Date: Tue, 20 Jan 2004 11:06:23 +0000 (+0000) Subject: Consistent formatting of CVE entries in ChangeLog X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=08e1942db59d7806cca5859b450b5c34557985f8;p=thirdparty%2Fapache%2Fhttpd.git Consistent formatting of CVE entries in ChangeLog Add missing CVE name from access log filtering patch CAN to CVE migration (not many this time) PR: Obtained from: Submitted by: Reviewed by: git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@102382 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/src/CHANGES b/src/CHANGES index f8f875affa8..7efb5f1769d 100644 --- a/src/CHANGES +++ b/src/CHANGES @@ -24,8 +24,9 @@ Changes with Apache 1.3.30 *) Forensic logging module added (mod_log_forensic). [Ben Laurie] - *) SECURITY [CAN-2003-0020]: Escape arbitrary data before writing - into the errorlog. [André Malo] + *) SECURITY: CAN-2003-0020 (cve.mitre.org) + Escape arbitrary data before writing into the errorlog. + [André Malo] *) '%X' is now accepted as an alias for '%c' in the LogFormat directive. This allows you to configure logging @@ -419,7 +420,8 @@ Changes with Apache 1.3.25 Netscape-4.x Roaming Profiles (on a DAV-enabled server) [Martin Kraemer] - *) Disallow anything but whitespace on the request line after the + *) SECURITY: CAN-2003-0083 (cve.mitre.org) + Disallow anything but whitespace on the request line after the HTTP/x.y protocol string. That prevents arbitrary user input from ending up in the access_log and error_log. Also, special characters (especially control characters) are escaped in the 
@@ -501,7 +503,7 @@ Changes with Apache 1.3.24 *) Win32 SECURITY: CVE-2002-0061 (cve.mitre.org) Introduce proper escaping of command.com and cmd.exe for Win32. - These patches close vulnerability CAN-2002-0061, identified and + These patches close vulnerability CVE-2002-0061, identified and reported by Ory Segal , by which any CGI invocation of .bat or .cmd files could compromise the system when the .bat or .cmd was parsed the query args as an argument
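Review bot: In the 1.3.30 hunk (@@ -24,8 +24,9 @@) the reformatted entry still carries the CAN- prefix (CAN-2003-0020), while the commit message announces a CAN to CVE migration and the 1.3.24 hunk does switch its name to CVE-. If this name is kept as a candidate on purpose, say so in the commit message so the mixed prefixes in src/CHANGES do not read as an oversight; otherwise update it in the same pass.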
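Review bot: In the 1.3.25 hunk (@@ -419,7 +420,8 @@) the new heading line attaches CAN-2003-0083 to an entry whose text covers both access_log and error_log, while the 1.3.30 entry for CAN-2003-0020 also concerns escaping data written to the errorlog. The commit message describes this as the name from the access log filtering patch, so the entry should state which part of the change the name covers, or cross-reference the 1.3.30 entry, so that a reader auditing by identifier can tell the two apart.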
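Review bot: In the 1.3.24 hunk (@@ -501,7 +503,7 @@) the body sentence now repeats the CVE-2002-0061 name that the entry's heading line already gives, so the identifier has to be maintained in two places within one entry. Consider rewording the body to "These patches close this vulnerability, identified and reported by ..." so that any later rename touches only the heading line.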