changelog.xml

jfclere Fri, 02 Mar 2007 07:28:08 -0800

Author: jfclere
Date: Fri Mar  2 07:27:47 2007
New Revision: 513808

URL: http://svn.apache.org/viewvc?view=rev&rev=513808
Log:
Add lastest idem from 1.2.21


Modified:
    tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml

Modified: tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml?view=diff&rev=513808&r1=513807&r2=513808
==============================================================================
--- tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml Fri Mar  2 
07:27:47 2007
@@ -29,6 +29,17 @@
   <br />
   <subsection name="Native">
     <changelog>
+      <fix>
+        <a 
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0774";><b>CVE-2007-0774</b></a>
+        : Fix a buffer overflow in map_uri_to_worker().
+        URL longer that 4095 were crashing mod_jk.
+        This could have allow different kind of attacks. Reported by ZDI.
+        Please note this issue only affected versions 1.2.19 and 1.2.20 of the
+        Apache Tomcat JK Web Server Connector and not previous versions.
+        Tomcat 5.5.20 and Tomcat 4.1.34
+        included a vulnerable version in their source packages.
+        Other versions of Tomcat were not affected.
+      </fix>
       <add>
       Check the worker. parameters and don't start if the parameter is not a 
valid one. (jfclere)
       </add>



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r513808 - /tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml

Reply via email to