Browse Source

- added cve numbers for DOS and mod_cgi bug

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2121 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.19
Marcus Rückert 14 years ago
parent
commit
8cc03378a1
  1. 4
      NEWS

4
NEWS

@ -26,7 +26,7 @@ NEWS
* fixed handling of EAGAIN in network-linux-sendfile (#657)
* reset conditional cache (#1164)
* create directories in mod_compress (was broken with alias/userdir) (#1027)
* fixed out of range access in fd array (#1562, #372)
* fixed out of range access in fd array (#1562, #372) (CVE-2008-0983)
* mod_compress should check if the request is already handled, e.g. by fastcgi (#1565)
* remove broken workaround for buggy Opera version with ssl/chunked encoding (#285)
* generate etag/last-modified header for on-the-fly-compressed files (#1171)
@ -45,7 +45,7 @@ NEWS
* remove compress cache file if compression or write failed (#1150)
* fixed body handling of status 300 requests
* spawn-fcgi: only try to connect to unix socket (not tcp) before spawning (#1575)
* fix sending source of cgi script instead of 500 error if fork fails
* fix sending source of cgi script instead of 500 error if fork fails (CVE-2008-1111)
* fix min-procs handling in mod_scgi.c, just set to max-procs (patch from #623)
* fix sending "408 - Timeout" instead of "410 - Gone" for timedout urls in mod_secdownload (#1440)
* workaround #1587: require userdir.path to be set to enable mod_userdir (empty string allowed)

Loading…
Cancel
Save