'cvs commit: httpd-site/xdocs index.xml'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apache-cvs
Subject:    cvs commit: httpd-site/xdocs index.xml
From:       wrowe () apache ! org
Date:       2004-09-28 20:25:35
Message-ID: 20040928202535.21086.qmail () minotaur ! apache ! org
[Download RAW message or body]

wrowe       2004/09/28 13:25:35

  Modified:    docs     index.html
               xdocs    index.xml
  Log:
    Pushing out .52 at last.
  
  Revision  Changes    Path
  1.88      +9 -21     httpd-site/docs/index.html
  
  Index: index.html
  ===================================================================
  RCS file: /home/cvs/httpd-site/docs/index.html,v
  retrieving revision 1.87
  retrieving revision 1.88
  diff -u -r1.87 -r1.88
  --- index.html	20 Sep 2004 20:17:23 -0000	1.87
  +++ index.html	28 Sep 2004 20:25:35 -0000	1.88
  @@ -94,37 +94,25 @@
              <table border="0" cellspacing="0" cellpadding="2" width="100%">
    <tr><td bgcolor="#525D76">
     <font color="#ffffff" face="arial,helvetica,sanserif">
  -   <a name="2.0.51"><strong>Apache 2.0.51 Released</strong></a>
  +   <a name="2.0.52"><strong>Apache 2.0.52 Released</strong></a>
     </font>
    </td></tr>
    <tr><td>
     <blockquote>
   <p>The Apache HTTP Server Project is proud to <a \
                href="http://www.apache.org/dist/httpd/Announcement2.html">announce</a> \
                the
  -release of version 2.0.51 of the Apache HTTP Server ("Apache").</p>
  +release of version 2.0.52 of the Apache HTTP Server ("Apache").</p>
   <p>This version of Apache is principally a bug fix release.  Of
  -   particular note is that 2.0.51 addresses five security
  -   vulnerabilities:</p>
  -<p>An input validation issue in IPv6 literal address parsing which
  -   can result in a negative length parameter being passed to memcpy.<br />
  -   <code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0786">CAN-2004-0786</a>]</code></p>
                
  -<p>A buffer overflow in configuration file parsing could allow a
  -   local user to gain the privileges of a httpd child if the server
  -   can be forced to parse a carefully crafted .htaccess file.<br />
  -   <code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0747">CAN-2004-0747</a>]</code></p>
                
  -<p>A segfault in mod_ssl which can be triggered by a malicious
  -   remote server, if proxying to SSL servers has been configured.<br />
  -   <code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751">CAN-2004-0751</a>]</code></p>
                
  -<p>A potential infinite loop in mod_ssl which could be triggered 
  -   given particular timing of a connection abort.<br />
  -   <code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0748">CAN-2004-0748</a>]</code></p>
                
  -<p>A segfault in mod_dav_fs which can be remotely triggered by an
  -   indirect lock refresh request.<br />
  -   <code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0809">CAN-2004-0809</a>]</code></p>
  +   particular note is that 2.0.52 addresses one new security related
  +   flaw introduced in 2.0.51:</p>
  +<p>Fix merging of the Satisfy directive, which was applied to
  +   the surrounding context and could allow access despite configured
  +   authentication.<br />
  +   <code>[<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0811">CAN-2004-0811</a>]</code></p>
  <p>For further details, see the <a \
href="http://www.apache.org/dist/httpd/Announcement2.html">announcement</a>.</p>  <p \
align="center">  <a href="download.cgi">Download</a> | 
   <a href="docs-2.0/new_features_2_0.html">New Features in Apache 2.0</a> |
  -<a href="http://www.apache.org/dist/httpd/CHANGES_2.0.51">ChangeLog for 2.0.51</a> \
|  +<a href="http://www.apache.org/dist/httpd/CHANGES_2.0.52">ChangeLog for \
2.0.52</a> |  <a href="http://www.apache.org/dist/httpd/CHANGES_2.0">ChangeLog for \
2.0</a>  </p>
     </blockquote>
  
  
  
  1.65      +11 -35    httpd-site/xdocs/index.xml
  
  Index: index.xml
  ===================================================================
  RCS file: /home/cvs/httpd-site/xdocs/index.xml,v
  retrieving revision 1.64
  retrieving revision 1.65
  diff -u -r1.64 -r1.65
  --- index.xml	20 Sep 2004 20:17:23 -0000	1.64
  +++ index.xml	28 Sep 2004 20:25:35 -0000	1.65
  @@ -37,47 +37,23 @@
   your downloads using PGP or MD5 signatures!</p>
   </section>
   
  -<section id="2.0.51">
  -<title>Apache 2.0.51 Released</title>
  +<section id="2.0.52">
  +<title>Apache 2.0.52 Released</title>
   
   <p>The Apache HTTP Server Project is proud to <a
   href="http://www.apache.org/dist/httpd/Announcement2.html">announce</a> the
  -release of version 2.0.51 of the Apache HTTP Server ("Apache").</p>
  +release of version 2.0.52 of the Apache HTTP Server ("Apache").</p>
   
   <p>This version of Apache is principally a bug fix release.  Of
  -   particular note is that 2.0.51 addresses five security
  -   vulnerabilities:</p>
  +   particular note is that 2.0.52 addresses one new security related
  +   flaw introduced in 2.0.51:</p>
   
  -<p>An input validation issue in IPv6 literal address parsing which
  -   can result in a negative length parameter being passed to memcpy.<br/>
  +<p>Fix merging of the Satisfy directive, which was applied to
  +   the surrounding context and could allow access despite configured
  +   authentication.<br/>
      <code>[<a
  -   href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0786"
  -   >CAN-2004-0786</a>]</code></p>
  -
  -<p>A buffer overflow in configuration file parsing could allow a
  -   local user to gain the privileges of a httpd child if the server
  -   can be forced to parse a carefully crafted .htaccess file.<br/>
  -   <code>[<a
  -   href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0747"
  -   >CAN-2004-0747</a>]</code></p>
  -   
  -<p>A segfault in mod_ssl which can be triggered by a malicious
  -   remote server, if proxying to SSL servers has been configured.<br/>
  -   <code>[<a
  -   href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751"
  -   >CAN-2004-0751</a>]</code></p>
  -
  -<p>A potential infinite loop in mod_ssl which could be triggered 
  -   given particular timing of a connection abort.<br/>
  -   <code>[<a
  -   href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0748"
  -   >CAN-2004-0748</a>]</code></p>
  -
  -<p>A segfault in mod_dav_fs which can be remotely triggered by an
  -   indirect lock refresh request.<br/>
  -   <code>[<a
  -   href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0809"
  -   >CAN-2004-0809</a>]</code></p>
  +   href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0811"
  +   >CAN-2004-0811</a>]</code></p>
   
   <p>For further details, see the <a
   href="http://www.apache.org/dist/httpd/Announcement2.html">announcement</a>.</p>
  @@ -85,7 +61,7 @@
   <p align="center">
   <a href="download.cgi">Download</a> | 
   <a href="docs-2.0/new_features_2_0.html">New Features in Apache 2.0</a> |
  -<a href="http://www.apache.org/dist/httpd/CHANGES_2.0.51">ChangeLog for 2.0.51</a> \
|  +<a href="http://www.apache.org/dist/httpd/CHANGES_2.0.52">ChangeLog for \
2.0.52</a> |  <a href="http://www.apache.org/dist/httpd/CHANGES_2.0">ChangeLog for \
2.0</a>  </p>
   
  
  
  


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic