From: Mark J. Cox Date: Thu, 2 Sep 2004 09:52:02 +0000 (+0000) Subject: CAN to CVE promotions from CVE version 20040901 X-Git-Tag: 2.0.51~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=90eb2550451550f05f02d832212f208782b71a27;p=thirdparty%2Fapache%2Fhttpd.git CAN to CVE promotions from CVE version 20040901 PR: Obtained from: Submitted by: Reviewed by: git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@104931 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 98d44b709f2..6711380189a 100644 --- a/CHANGES +++ b/CHANGES @@ -369,7 +369,7 @@ Changes with Apache 2.0.49 *) mod_ssl: Send the Close Alert message to the peer before closing the SSL session. PR 27428. [Madhusudan Mathihalli, Joe Orton] - *) SECURITY: CAN-2004-0113 (cve.mitre.org) + *) SECURITY: CVE-2004-0113 (cve.mitre.org) mod_ssl: Fix a memory leak in plain-HTTP-on-SSL-port handling. PR 27106. [Joe Orton] @@ -541,7 +541,7 @@ Changes with Apache 2.0.49 *) mod_dav: Return a WWW-auth header for MOVE/COPY requests where the destination resource gives a 401. PR 15571. [Joe Orton] - *) SECURITY: CAN-2003-0020 (cve.mitre.org) + *) SECURITY: CVE-2003-0020 (cve.mitre.org) Escape arbitrary data before writing into the errorlog. Unescaped errorlogs are still possible using the compile time switch "-DAP_UNSAFE_ERROR_LOG_UNESCAPED". [Geoffrey Young, André Malo] @@ -1429,7 +1429,7 @@ Changes with Apache 2.0.44 Changes with Apache 2.0.43 - *) SECURITY [CAN-2002-0840]: HTML-escape the address produced by + *) SECURITY [CVE-2002-0840]: HTML-escape the address produced by ap_server_signature() against this cross-site scripting vulnerability exposed by the directive 'UseCanonicalName Off'. Also HTML-escape the SERVER_NAME environment variable for CGI 
@@ -1452,7 +1452,7 @@ Changes with Apache 2.0.43 could lead to an infinite loop. PR 12705 [Amund Elstad , Jeff Trawick] - *) SECURITY [CAN-2002-1156] (cve.mitre.org): + *) SECURITY [CVE-2002-1156] (cve.mitre.org): Fix the exposure of CGI source when a POST request is sent to a location where both DAV and CGI are enabled. [Ryan Bloom] @@ -8414,7 +8414,7 @@ Changes with Apache 1.3.2 run-time configurable using the ExtendedStatus directive. [Jim Jagielski] - *) SECURITY [CAN-1999-1199] (cve.mitre.org): + *) SECURITY [CVE-1999-1199] (cve.mitre.org): Eliminate O(n^2) space DoS attacks (and other O(n^2) cpu time attacks) in header parsing. Add ap_overlap_tables(), a function which can be used to perform bulk update operations
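Review bot: In the two Apache 2.0.49 hunks (@@ -369 and @@ -541) the renamed tag keeps the unbracketed form "SECURITY: CVE-2004-0113 (cve.mitre.org)", while the 2.0.43 and 1.3.2 entries changed in this same patch use the bracketed form "SECURITY [CVE-2002-1156] (cve.mitre.org):". Since every one of these lines is being rewritten anyway, consider settling on one form so that a single pattern matches all security entries in CHANGES.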
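Review bot: In the @@ -1429 hunk, the changed line "SECURITY [CVE-2002-0840]: HTML-escape the address produced by" is the only renamed entry without the "(cve.mitre.org)" marker, and it starts the description on the tag line instead of on the following line as the @@ -1452 and @@ -8414 entries do. Suggest adding the marker and moving the description down one line so this entry matches its neighbours.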
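Review bot: The diff touches only CHANGES ("diff --git a/CHANGES b/CHANGES") and renames five identifiers, so any other CAN- references to these same five numbers elsewhere in the branch would now disagree with the changelog. Suggest searching the tree for the old CAN- forms of 2004-0113, 2003-0020, 2002-0840, 2002-1156 and 1999-1199 and updating them in the same commit, or stating in the commit message that CHANGES is the only file carrying them. The empty "PR:", "Obtained from:", "Submitted by:" and "Reviewed by:" template fields in the message could be dropped at the same time.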