-*- coding: utf-8 -*-
Changes with Apache 2.0.61
+ *) SECURITY: CVE-2007-3847 (cve.mitre.org)
+ mod_proxy: Prevent reading past the end of a buffer when parsing
+ date-related headers. PR 41144.
+ [Davi Arnaut, Nick Kew]
+
+ *) SECURITY: CVE-2007-1863 (cve.mitre.org)
+ mod_cache: Prevent segmentation fault if a Cache-Control header has
+ no value. [Niklas Edmundsson <nikke acc.umu.se>]
+
+ *) SECURITY: CVE-2006-5752 (cve.mitre.org)
+ mod_status: Fix a possible XSS attack against a site with a public
+ server-status page and ExtendedStatus enabled, for browsers which
+ perform charset "detection". Reported by Stefan Esser. [Joe Orton]
+
+ *) SECURITY: CVE-2007-3304 (cve.mitre.org)
+ prefork, worker MPMs: Ensure that the parent process cannot
+ be forced to kill processes outside its process group.
+ [Joe Orton, Jim Jagielski]
+
*) log core: ensure we use a special pool for stderr logging, so that
the stderr channel remains valid from the time plog is destroyed,
until the time the open_logs hook is called again. [William Rowe]
*) ApacheMonitor: Fix Windows Vista detection. [Mladen Turk]
-Changes with Apache 2.0.60
-
- *) SECURITY: CVE-2007-3847 (cve.mitre.org)
- mod_proxy: Prevent reading past the end of a buffer when parsing
- date-related headers. PR 41144.
- [Davi Arnaut, Nick Kew]
-
- *) SECURITY: CVE-2007-1863 (cve.mitre.org)
- mod_cache: Prevent segmentation fault if a Cache-Control header has
- no value. [Niklas Edmundsson <nikke acc.umu.se>]
-
- *) SECURITY: CVE-2006-5752 (cve.mitre.org)
- mod_status: Fix a possible XSS attack against a site with a public
- server-status page and ExtendedStatus enabled, for browsers which
- perform charset "detection". Reported by Stefan Esser. [Joe Orton]
-
- *) SECURITY: CVE-2007-3304 (cve.mitre.org)
- prefork, worker MPMs: Ensure that the parent process cannot
- be forced to kill processes outside its process group.
- [Joe Orton, Jim Jagielski]
-
*) mod_so: Solve dev's confusion by reporting expected/seen module
magic signatures when failing with a 'garbled' message, and solve
user's confusion by pointing out 'perhaps compiled for a different
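Review bot: removing the `Changes with Apache 2.0.60` heading also reattributes every entry that used to sit under it, starting with the `mod_so` item in the trailing context, to the 2.0.61 section, although only the four SECURITY items are explicitly relocated. Please confirm that all of the remaining entries formerly under 2.0.60 are meant to be listed as 2.0.61 changes. The four moved SECURITY entries match the removed ones line for line, so nothing was lost in the move.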
employed to report their HTTP status result code.
PR 16637 30033 28089. [Matt Lewandowsky <matt iamcode.net>, William Rowe]
+There was no 2.0.60
+
Changes with Apache 2.0.59
*) SECURITY: CVE-2006-3747 (cve.mitre.org)
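Review bot: the added line `There was no 2.0.60` stands alone above `Changes with Apache 2.0.59`, with no version heading and no reason given, so someone searching CHANGES for the 2.0.60 heading finds nothing and cannot tell whether the version was skipped deliberately. Consider keeping a `Changes with Apache 2.0.60` heading with this note beneath it, and add a few words on why the version number was not used, since the CVE fixes now listed under 2.0.61 were previously recorded against 2.0.60.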