Skip to content
  1. Jul 14, 2012
  2. Jul 13, 2012
  3. Jul 12, 2012
  4. Jul 11, 2012
  5. Jul 10, 2012
  6. Jul 09, 2012
  7. Jul 08, 2012
  8. Jul 07, 2012
  9. Jul 06, 2012
  10. Jul 04, 2012
  11. Jul 03, 2012
    • Stefan Fritsch's avatar
      Merge r1349905: · 096fbe4a
      Stefan Fritsch authored
          SECURITY: CVE-2012-2687 (cve.mitre.org):
      
          mod_negotiation: Escape filenames in variant list to prevent an
          possible XSS for a site where untrusted users can upload files to a
          location with MultiViews enabled.
      
          * modules/mappers/mod_negotiation.c (make_variant_list): Escape
            filenames in variant list.
      
          Submitted by: Niels Heinen <heinenn google.com>
      
      Reviewed by: covener, jorton, sf
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1356889 13f79535-47bb-0310-9956-ffa450edef68
      096fbe4a