From: Mark J. Cox Date: Thu, 1 Sep 2005 13:33:18 +0000 (+0000) Subject: CAN-2004-1834 was created in March 2004 when it was reported X-Git-Tag: 2.0.55~59 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=13d8aad9a02d0956c356053b751fbb452bb74e13;p=thirdparty%2Fapache%2Fhttpd.git CAN-2004-1834 was created in March 2004 when it was reported that mod_disk_cache would store these headers -- leading to a small potential risk that you'd end up with authentication headers on disk and visible to users (or cgi scripts or whatever). Make a note which commit actually ended up closing this low impact issue. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@265719 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 445e96b7b98..323f933bfb7 100644 --- a/CHANGES +++ b/CHANGES @@ -225,7 +225,8 @@ Changes with Apache 2.0.53 is causing a potential problem with the LDAP shared memory cache. PR 31431 [Graham Leggett] - *) mod_disk_cache: Do not store hop-by-hop headers. [Justin Erenkrantz] + *) SECURITY: CAN-2004-1834 (cve.mitre.org) + mod_disk_cache: Do not store hop-by-hop headers. [Justin Erenkrantz] *) Fix the re-linking issue when purging elements from the LDAP cache PR 24801. [Jess Holle ]
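Review bot: The added "SECURITY: CAN-2004-1834 (cve.mitre.org)" line in the 2.0.53 section tags the entry but leaves the description as "mod_disk_cache: Do not store hop-by-hop headers", so a reader of CHANGES alone cannot tell what the exposure was. The commit message states it (authentication headers could end up on disk, visible to users or CGI scripts); a short impact clause in the entry itself would carry that over, for example noting that the change keeps authentication headers out of the on-disk cache. The message also says the goal is to note which commit closed the issue, but the entry carries no revision reference. If the fixing revision is known, citing it in the entry would keep that link available to readers who only have the CHANGES file.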