patches/packages/httpd-2.2.24-i486-1_slack12.1.tgz
This update provides bugfixes and enhancements.
Two security issues are fixed:
* Various XSS flaws due to unescaped hostnames and URIs
HTML output in
mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.
[Jim Jagielski, Stefan Fritsch, Niels Heinen <heinenn google com>]
* XSS in mod_proxy_balancer manager interface. [Jim Jagielski,
Niels Heinen <heinenn google com>]
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558
(* Security fix *)