[CrackMonkey] [ryan@SECURITYFOCUS.COM: Apache 1.3.12]
Seth David Schoen
schoen at loyalty.org
Fri Feb 25 15:53:57 PST 2000
----- Forwarded message from Ryan Russell <ryan at SECURITYFOCUS.COM> -----
Date: Fri, 25 Feb 2000 11:54:33 -0800
From: Ryan Russell <ryan at SECURITYFOCUS.COM>
Subject: Apache 1.3.12
To: BUGTRAQ at SECURITYFOCUS.COM
From:
http://www.apache.org/dist/Announcement.html
Apache 1.3.12 Released
The Apache Software Foundation and The Apache Server Project are pleased
to announce the release of version 1.3.12 of the Apache HTTP server.
The primary changes in this version of Apache are those related to the
``cross site scripting'' security alerts described at
http://www.cert.org/advisories/CA-2000-02.html
http://www.apache.org/info/css-security/index.html
Specifically, charset
handling has been improved and reinforced (including a new directive:
AddDefaultCharset) and server generated pages properly escape ``userland''
input.
A complete listing with detailed descriptions is provided in the
CHANGES file.
NOTE: This official release incorporates a slightly
different version of the original patch for the 'css' issue. In
particular, the AddDefaultCharsetName directive was removed and this
function is now completely handled by the AddDefaultCharset directive. If
you were using this patch, you will need to adjust your configuration file
to reflect this change.
[...]
----- End forwarded message -----
So, they've applied the famous DeCSS patch, eh?
--
Seth David Schoen <schoen at loyalty.org> | And do not say, I will study when I
Temp. http://www.loyalty.org/~schoen/ | have leisure; for perhaps you will
down: http://www.loyalty.org/ (CAF) | not have leisure. -- Pirke Avot 2:5
More information about the Crackmonkey
mailing list