marc 98/03/05 14:54:32
Modified: src Tag: APACHE_1_2_X CHANGES
Log:
Add UserDir bug to CHANGES.
Revision Changes Path
No revision
No revision
1.286.2.77 +5 -0 apache-1.2/src/CHANGES
Index: CHANGES
===================================================================
RCS file: /export/home/cvs/apache-1.2/src/CHANGES,v
retrieving revision 1.286.2.76
retrieving revision 1.286.2.77
diff -u -r1.286.2.76 -r1.286.2.77
--- CHANGES 1998/01/28 10:09:25 1.286.2.76
+++ CHANGES 1998/03/05 22:54:30 1.286.2.77
@@ -1,5 +1,10 @@
Changes with Apache 1.2.6
+ *) SECURITY: "UserDir /abspath" without a * in the path would allow
+ remote users to access "/~.." and bypass access restrictions
+ (but note /~../.. was handled properly).
+ [Lauri Jesmin <jesmin@ut.ee>] PR#1701
+
*) SIGURG doesn't exist on all platforms.
[Mark Andrew Heinrich <heinrich@tinderbox.Stanford.EDU>]
Modified: src Tag: APACHE_1_2_X CHANGES
Log:
Add UserDir bug to CHANGES.
Revision Changes Path
No revision
No revision
1.286.2.77 +5 -0 apache-1.2/src/CHANGES
Index: CHANGES
===================================================================
RCS file: /export/home/cvs/apache-1.2/src/CHANGES,v
retrieving revision 1.286.2.76
retrieving revision 1.286.2.77
diff -u -r1.286.2.76 -r1.286.2.77
--- CHANGES 1998/01/28 10:09:25 1.286.2.76
+++ CHANGES 1998/03/05 22:54:30 1.286.2.77
@@ -1,5 +1,10 @@
Changes with Apache 1.2.6
+ *) SECURITY: "UserDir /abspath" without a * in the path would allow
+ remote users to access "/~.." and bypass access restrictions
+ (but note /~../.. was handled properly).
+ [Lauri Jesmin <jesmin@ut.ee>] PR#1701
+
*) SIGURG doesn't exist on all platforms.
[Mark Andrew Heinrich <heinrich@tinderbox.Stanford.EDU>]