From: Joshua Slive <slive@apache.org>
Date: Thu, 29 Apr 2004 19:58:59 +0000 (+0000)
Subject: Give the average user some chance of figuring out whether
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7f5e383ae26148ae028073edf70020e117fa9cf0;p=thirdparty%2Fapache%2Fhttpd.git

Give the average user some chance of figuring out whether
the nonce issue affects them.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@103555 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/Announcement b/Announcement
index 515aae1c110..7140a0ace74 100644
--- a/Announcement
+++ b/Announcement
@@ -18,8 +18,9 @@
    security issues:
 
      o CAN-2003-0987 (cve.mitre.org)
-       Verification as to whether the nonce returned in the client response
-       is one we issued ourselves.
+       In mod_digest, verify whether the nonce returned in the client 
+       response is one we issued ourselves.  This problem does not affect
+       mod_auth_digest.
 
      o CAN-2003-0020 (cve.mitre.org)
        Escape arbitrary data before writing into the errorlog.
@@ -94,8 +95,9 @@
   Security vulnerabilities
 
      * CAN-2003-0987 (cve.mitre.org)
-       Verification as to whether the nonce returned in the client response
-       is one we issued ourselves.
+       In mod_digest, verify whether the nonce returned in the client 
+       response is one we issued ourselves.  This problem does not affect
+       mod_auth_digest.
 
      * CAN-2003-0020 (cve.mitre.org)
        Escape arbitrary data before writing into the errorlog.