From 96b3683a8c9a94194b51040d335ee6f5136423e7 Mon Sep 17 00:00:00 2001 From: Ruediger Pluem Date: Wed, 2 Jan 2008 09:50:56 +0000 Subject: [PATCH] * These are now backported. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@608063 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/CHANGES b/CHANGES index e9a5795260..dac3197b43 100644 --- a/CHANGES +++ b/CHANGES @@ -2,20 +2,6 @@ Changes with Apache 2.3.0 [ When backported to 2.2.x, remove entry from this file ] - *) SECURITY: CVE-2007-6388 (cve.mitre.org) - mod_status: Ensure refresh parameter is numeric to prevent - a possible XSS attack caused by redirecting to other URLs. - Reported by SecurityReason. [Mark Cox, Joe Orton] - - *) SECURITY: CVE-2007-6421 (cve.mitre.org) - mod_proxy_balancer: Correctly escape the worker route and the worker - redirect string in the HTML output of the balancer manager. - Reported by SecurityReason. [Ruediger Pluem] - - *) SECURITY: CVE-2007-6422 (cve.mitre.org) - Prevent crash in balancer manager if invalid balancer name is passed - as parameter. Reported by SecurityReason. [Ruediger Pluem] - *) Introduce the ProxyFtpDirCharset directive, allowing the administrator to identify a default, or specific servers or paths which list their contents in other-than ISO-8859-1 charset (e.g. utf-8). [Ruediger Pluem] @@ -23,11 +9,6 @@ Changes with Apache 2.3.0 *) mod_dav: Fix evaluation of If-Match * and If-None-Match * conditionals. PR 38034 [Paritosh Shah ] - *) mod_dav: Adjust etag generation to produce identical results on 32-bit - and 64-bit platforms and avoid a regression with conditional PUT's on lock - and etag. PR 44152. - [Michael Clark , Ruediger Pluem] - *) mod_deflate: Transform ETag when transforming the entity. PR 39727 [Henrik Nordstrom , Nick Kew] -- 2.40.0