Make a PR reference consistent and keep the SECURITY changes first.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@374902 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index b7429749b120897f66ca133f33e546cbd77b0050..93ff5e743b4021146567348ada7606769adc096b 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,9 +1,6 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.0.56
 
-  *) Fix PR#38070: Avoid server-driven negotiation when a CGI script
-     has emitted an explicit Status: header [Nick Kew].
-
   *) SECURITY: CVE-2005-3357 (cve.mitre.org)
      mod_ssl: Fix a possible crash during access control checks if a
      non-SSL request is processed for an SSL vhost (such as the
@@ -17,6 +14,9 @@ Changes with Apache 2.0.56
      ap_escape_html so we escape quotes.  Reported by JPCERT.
      [Mark Cox]
 
+  *) Avoid server-driven negotiation when a CGI script has emitted an 
+     explicit "Status:" header. PR 38070.  [Nick Kew]
+
   *) mod_log_config now logs all Set-Cookie headers if the %{Set-Cookie}o
      format is used. PR 27787.  [André Malo]