From: Mark J. Cox Date: Tue, 30 Aug 2005 11:19:40 +0000 (+0000) Subject: Go through the list of allocated CVE names for httpd related issues and X-Git-Tag: 2.0.55~65 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8985d3ed0f0b965659971e44bf13c7a2e1f00079;p=thirdparty%2Fapache%2Fhttpd.git Go through the list of allocated CVE names for httpd related issues and fix up CHANGES to match. Still got four older issues in my queue to add in here. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@264758 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index d1942deb745..683c5bd75b9 100644 --- a/CHANGES +++ b/CHANGES @@ -16,7 +16,8 @@ Changes with Apache 2.0.55 (or if it didn't succeed) for non-authoritative cases. [Jim Jagielski] - *) Fix cases where the byterange filter would buffer responses + *) SECURITY: CAN-2005-2728 (cve.mitre.org) + Fix cases where the byterange filter would buffer responses into memory. PR 29962. [Joe Orton] *) mod_proxy: Fix over-eager handling of '%' for reverse proxies. @@ -33,7 +34,7 @@ Changes with Apache 2.0.55 *) mod_ssl: Fix build with OpenSSL 0.9.8. PR 35757. [William Rowe] - *) SECURITY: CAN-2005-2088 + *) SECURITY: CAN-2005-2088 (cve.mitre.org) core: If a request contains both Transfer-Encoding and Content-Length headers, remove the Content-Length, mitigating some HTTP Request Splitting/Spoofing attacks. [Paul Querna, Joe Orton] @@ -1247,7 +1248,8 @@ Changes with Apache 2.0.46 names faulted the running OS2 worker process. The fix is actually in APR 0.9.4. [Brian Havard] - *) Forward port: Escape special characters (especially control + *) SECURITY: CAN-2003-0083 (cve.mitre.org) + Forward port: Escape special characters (especially control characters) in mod_log_config to make a clear distinction between client-supplied strings (with special characters) and server-side strings. This was already introduced in version 1.3.25.
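Review bot: In the CAN-2005-2728 entry (hunk at -16,7), the text under the new SECURITY line still reads only "Fix cases where the byterange filter would buffer responses into memory", which names neither the affected component as a prefix nor the reason this counts as a security issue. The CAN-2005-2088 entry in the next hunk starts with "core:" and states what the change mitigates; suggest the same shape here, so that a reader scanning CHANGES for SECURITY items can judge exposure without looking up the CVE name.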
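Review bot: In the CAN-2005-2088 line (hunk at -33,7), the added "(cve.mitre.org)" is a bare hostname that is repeated on every SECURITY entry in this patch and does not point at the specific record. Consider stating the source of the names once near the top of CHANGES instead, or at least settling the exact form of the tag in this commit, since the commit message says four older issues are still queued and they should follow the same convention.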
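Review bot: In the CAN-2003-0083 entry (hunk at -1247,7), the SECURITY tag is added retroactively under "Changes with Apache 2.0.46", and the entry itself says the change "was already introduced in version 1.3.25". This commit is on branches/2.0.x only, so it is worth checking whether any other branch's CHANGES carries the same entry and needs the same annotation, otherwise the files will disagree about which releases contained security fixes. The entry also still opens with "Forward port:" rather than a module prefix, unlike the mod_proxy and mod_ssl entries elsewhere in this diff; a "mod_log_config:" prefix would make it searchable by component.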