04/11/02 03:47:42 OaN+Hd26
> Sun Oct 31 22:03:05 PST 2004
> ap/mysql-4.0.22-i486-1.tgz: Upgraded to mysql-4.0.22.
> l/libtiff-3.7.0-i486-1.tgz: Upgraded to libtiff-3.7.0.
> This fixes several bugs that could lead to crashes, or could possibly allow
> arbitrary code to be executed. For more details, see:
> URLリンク(cve.mitre.org)
> URLリンク(cve.mitre.org)
> URLリンク(cve.mitre.org)
> (* Security fix *)
> n/apache-1.3.33-i486-1.tgz: Upgraded to apache-1.3.33.
> This fixes one new security issue (the first issue, CAN-2004-0492, was fixed
> in apache-1.3.32). The second bug fixed in 1.3.3 (CAN-2004-0940) allows a
> local user who can create SSI documents to become "nobody". The amount of
> mischief they could cause as nobody seems low at first glance, but it might
> allow them to use kill or killall as nobody to try to create a DoS.
> Mention PHP's mhash dependency in httpd.conf (thanks to Jakub Jankowski).
> (* Security fix *)
> n/mod_ssl-2.8.22_1.3.33-i486-1.tgz: Upgraded to mod_ssl-2.8.22_1.3.33.