List: apache-cvs
Subject: cvs commit: httpd-site/xdocs index.xml
From: wrowe () apache ! org
Date: 2004-09-28 20:25:35
Message-ID: 20040928202535.21086.qmail () minotaur ! apache ! org
wrowe 2004/09/28 13:25:35
Modified: docs index.html
xdocs index.xml
Log:
Pushing out .52 at last.
Revision Changes Path
1.88 +9 -21 httpd-site/docs/index.html
Index: index.html
===================================================================
RCS file: /home/cvs/httpd-site/docs/index.html,v
retrieving revision 1.87
retrieving revision 1.88
diff -u -r1.87 -r1.88
--- index.html 20 Sep 2004 20:17:23 -0000 1.87
+++ index.html 28 Sep 2004 20:25:35 -0000 1.88
@@ -94,37 +94,25 @@
<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr><td bgcolor="#525D76">
<font color="#ffffff" face="arial,helvetica,sanserif">
- <a name="2.0.51"><strong>Apache 2.0.51 Released</strong></a>
+ <a name="2.0.52"><strong>Apache 2.0.52 Released</strong></a>
</font>
</td></tr>
<tr><td>
<blockquote>
<p>The Apache HTTP Server Project is proud to <a \
href="http://www.apache.org/dist/httpd/Announcement2.html">announce</a> \
the
-release of version 2.0.51 of the Apache HTTP Server ("Apache").</p>
+release of version 2.0.52 of the Apache HTTP Server ("Apache").</p>
<p>This version of Apache is principally a bug fix release. Of
- particular note is that 2.0.51 addresses five security
- vulnerabilities:</p>
-<p>An input validation issue in IPv6 literal address parsing which
- can result in a negative length parameter being passed to memcpy.<br />
- <code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0786">CAN-2004-0786</a>]</code></p>
-<p>A buffer overflow in configuration file parsing could allow a
- local user to gain the privileges of a httpd child if the server
- can be forced to parse a carefully crafted .htaccess file.<br />
- <code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0747">CAN-2004-0747</a>]</code></p>
-<p>A segfault in mod_ssl which can be triggered by a malicious
- remote server, if proxying to SSL servers has been configured.<br />
- <code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751">CAN-2004-0751</a>]</code></p>
-<p>A potential infinite loop in mod_ssl which could be triggered
- given particular timing of a connection abort.<br />
- <code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0748">CAN-2004-0748</a>]</code></p>
-<p>A segfault in mod_dav_fs which can be remotely triggered by an
- indirect lock refresh request.<br />
- <code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0809">CAN-2004-0809</a>]</code></p>
+ particular note is that 2.0.52 addresses one new security related
+ flaw introduced in 2.0.51:</p>
+<p>Fix merging of the Satisfy directive, which was applied to
+ the surrounding context and could allow access despite configured
+ authentication.<br />
+ <code>[<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0811">CAN-2004-0811</a>]</code></p>
<p>For further details, see the <a \
href="http://www.apache.org/dist/httpd/Announcement2.html">announcement</a>.</p> <p \
align="center"> <a href="download.cgi">Download</a> |
<a href="docs-2.0/new_features_2_0.html">New Features in Apache 2.0</a> |
-<a href="http://www.apache.org/dist/httpd/CHANGES_2.0.51">ChangeLog for 2.0.51</a> \
| +<a href="http://www.apache.org/dist/httpd/CHANGES_2.0.52">ChangeLog for \
2.0.52</a> | <a href="http://www.apache.org/dist/httpd/CHANGES_2.0">ChangeLog for \
2.0</a> </p>
</blockquote>
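Review bot: The new CAN-2004-0811 paragraph is written as a changelog entry ("Fix merging of the Satisfy directive, which was applied to the surrounding context ...") rather than as a description of the flaw, and it gives no guidance on who needs to act. Since the text itself says access could be allowed despite configured authentication, suggest stating the flaw directly and saying that sites running 2.0.51 with Satisfy in their configuration should upgrade. Removing all five 2.0.51 entries in the same hunk also leaves the front page with no mention of them for anyone still on an earlier release; one sentence pointing to the announcement for the earlier fixes would cover that. Minor: "security related" should be hyphenated.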
1.65 +11 -35 httpd-site/xdocs/index.xml
Index: index.xml
===================================================================
RCS file: /home/cvs/httpd-site/xdocs/index.xml,v
retrieving revision 1.64
retrieving revision 1.65
diff -u -r1.64 -r1.65
--- index.xml 20 Sep 2004 20:17:23 -0000 1.64
+++ index.xml 28 Sep 2004 20:25:35 -0000 1.65
@@ -37,47 +37,23 @@
your downloads using PGP or MD5 signatures!</p>
</section>
-<section id="2.0.51">
-<title>Apache 2.0.51 Released</title>
+<section id="2.0.52">
+<title>Apache 2.0.52 Released</title>
<p>The Apache HTTP Server Project is proud to <a
href="http://www.apache.org/dist/httpd/Announcement2.html">announce</a> the
-release of version 2.0.51 of the Apache HTTP Server ("Apache").</p>
+release of version 2.0.52 of the Apache HTTP Server ("Apache").</p>
<p>This version of Apache is principally a bug fix release. Of
- particular note is that 2.0.51 addresses five security
- vulnerabilities:</p>
+ particular note is that 2.0.52 addresses one new security related
+ flaw introduced in 2.0.51:</p>
-<p>An input validation issue in IPv6 literal address parsing which
- can result in a negative length parameter being passed to memcpy.<br/>
+<p>Fix merging of the Satisfy directive, which was applied to
+ the surrounding context and could allow access despite configured
+ authentication.<br/>
<code>[<a
- href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0786"
- >CAN-2004-0786</a>]</code></p>
-
-<p>A buffer overflow in configuration file parsing could allow a
- local user to gain the privileges of a httpd child if the server
- can be forced to parse a carefully crafted .htaccess file.<br/>
- <code>[<a
- href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0747"
- >CAN-2004-0747</a>]</code></p>
-
-<p>A segfault in mod_ssl which can be triggered by a malicious
- remote server, if proxying to SSL servers has been configured.<br/>
- <code>[<a
- href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751"
- >CAN-2004-0751</a>]</code></p>
-
-<p>A potential infinite loop in mod_ssl which could be triggered
- given particular timing of a connection abort.<br/>
- <code>[<a
- href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0748"
- >CAN-2004-0748</a>]</code></p>
-
-<p>A segfault in mod_dav_fs which can be remotely triggered by an
- indirect lock refresh request.<br/>
- <code>[<a
- href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0809"
- >CAN-2004-0809</a>]</code></p>
+ href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0811"
+ >CAN-2004-0811</a>]</code></p>
<p>For further details, see the <a
href="http://www.apache.org/dist/httpd/Announcement2.html">announcement</a>.</p>
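Review bot: Changing `<section id="2.0.51">` to `<section id="2.0.52">` at the top of this hunk drops the 2.0.51 anchor only eight days after revision 1.64 published it, so any link to the #2.0.51 fragment stops resolving to the advisory text it was pointing at. If those links matter, keep a short 2.0.51 section or make sure the linked announcement still carries the five removed CVE entries. Separately, the new CVE link uses cve.mitre.org where the removed ones used www.cve.mitre.org; pick one host form and use it consistently across the page.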
@@ -85,7 +61,7 @@
<p align="center">
<a href="download.cgi">Download</a> |
<a href="docs-2.0/new_features_2_0.html">New Features in Apache 2.0</a> |
-<a href="http://www.apache.org/dist/httpd/CHANGES_2.0.51">ChangeLog for 2.0.51</a> \
| +<a href="http://www.apache.org/dist/httpd/CHANGES_2.0.52">ChangeLog for \
2.0.52</a> | <a href="http://www.apache.org/dist/httpd/CHANGES_2.0">ChangeLog for \
2.0</a> </p>
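Review bot: The per-release link in this hunk now targets CHANGES_2.0.52, so that file needs to be present under /dist/httpd/ before this page is published; otherwise the one link readers would use to confirm the CAN-2004-0811 fix returns an error. Worth confirming the file is on the distribution host as part of the same push.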