backported

author Eric Covener <covener@apache.org>

Fri, 9 Dec 2016 13:58:30 +0000 (13:58 +0000)

committer Eric Covener <covener@apache.org>

Fri, 9 Dec 2016 13:58:30 +0000 (13:58 +0000)
author Eric Covener <covener@apache.org>
Fri, 9 Dec 2016 13:58:30 +0000 (13:58 +0000)
committer Eric Covener <covener@apache.org>
Fri, 9 Dec 2016 13:58:30 +0000 (13:58 +0000)
diff --git a/CHANGES b/CHANGES

index 517ed5abbb542d6f397031d9a3c063987c7fa3d6..f50ca6417088d7cd72d378b4cce40688975b21a4 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,16 +4,6 @@ Changes with Apache 2.5.0
    *) core: Drop Content-Length header and message-body from HTTP 204 responses.
       PR 51350 [Luca Toscano]
  
-  *) SECURITY: CVE-2016-2161 (cve.mitre.org)
-     mod_auth_digest: Prevent segfaults during client entry allocation when the
-     shared memory space is exhausted. [Maksim Malyutin <m.malyutin dsec.ru>,
-     Eric Covener, Jacob Champion]
-
-  *) SECURITY: CVE-2016-0736 (cve.mitre.org)
-     mod_session_crypto: Authenticate the session data/cookie with a
-     MAC (SipHash) to prevent deciphering or tampering with a padding
-     oracle attack.  [Yann Ylavic, Colm MacCarthaigh]
-
    *) mod_lua: Fix default value of LuaInherit directive. It should be 
       'parent-first' instead of 'none', as per documentation.  PR 60419
       [Christophe Jaillet]
author	Eric Covener <covener@apache.org>
	Fri, 9 Dec 2016 13:58:30 +0000 (13:58 +0000)
committer	Eric Covener <covener@apache.org>
	Fri, 9 Dec 2016 13:58:30 +0000 (13:58 +0000)