From: Bill Stoddard <stoddard@apache.org>
Date: Fri, 19 Apr 2002 18:37:05 +0000 (+0000)
Subject: Flag this a bit more clearly as a security issue...
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=586e7f06e3a9de481e13304559463cb6100a0c81;p=thirdparty%2Fapache%2Fhttpd.git

Flag this a bit more clearly as a security issue...


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@94720 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/src/CHANGES b/src/CHANGES
index eada8612136..9d61ac9ea38 100644
--- a/src/CHANGES
+++ b/src/CHANGES
@@ -34,7 +34,8 @@ Changes with Apache 1.3.24
   *) Fixed a segfault in mod_include when #if, #elif, #else, or #endif
      directives were improperly terminated.  [Cliff Woolley]
 
-  *) Introduce proper escaping of command.com and cmd.exe for Win32.
+  *) Win32 Security: CAN-2002-0061
+     Introduce proper escaping of command.com and cmd.exe for Win32.
      These patches close vulnerability CAN-2002-0061, identified and
      reported by Ory Segal <ory.segal@sanctuminc>, by which any CGI
      invocation of .bat or .cmd files could compromise the system