brian 98/06/30 01:08:35
Modified: src CHANGES
Log:
Correct attributions; trailing dots and trailing slashes had separate
patches and I was getting confused.
Revision Changes Path
1.941 +2 -2 apache-1.3/src/CHANGES
Index: CHANGES
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/CHANGES,v
retrieving revision 1.940
retrieving revision 1.941
diff -u -r1.940 -r1.941
--- CHANGES 1998/06/29 19:01:59 1.940
+++ CHANGES 1998/06/30 08:08:33 1.941
@@ -27,7 +27,7 @@
*) Win32 (security): Eliminate trailing "."s in path components. These are
ignored by the Windows filesystem, and so can be used to bypass
security.
- [Ben Laurie, Alexei Kosut, W G Stoddard].
+ [Ben Laurie, Alexei Kosut].
*) We now attempt to dump core when we get SIGILL. [Jim Jagielski]
@@ -45,7 +45,7 @@
*) Win32 (security): Eliminate directories consisting of three or more
dots;
these are treated by Win32 as if they are ".." but are not detected by
other machinery within Apache. This is something of a kludge but
- eliminates a security hole. [W G Stoddard, Ben Laurie]
+ eliminates a security hole. [Manoj Kasichainula, Ben Laurie]
*) Move ap_escape_quotes() from src/ap to src/main/util.c; it uses
pools and thus pollutes libap (until the pool stuff is moved there).
