* Wrong order, Security changes first.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@604441 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 9e5e3002569f6caefe4112100243cda66f257616..c29f628ca92506104859c603c09ed03d4b5da6d1 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.0.62
 
+  *) SECURITY: CVE-2007-5000 (cve.mitre.org)
+     mod_imagemap: Fix a cross-site scripting issue.  Reported by JPCERT.
+     [Joe Orton]
+
   *) http_protocol: Escape request method in 405 error reporting.
      This has no security impact since the browser cannot be tricked
      into sending arbitrary method strings.  [Jeff Trawick]
@@ -9,10 +13,6 @@ Changes with Apache 2.0.62
      Determined to be not generally exploitable, but a flaw in any case.
      PR 44014 [Victor Stinner <victor.stinner inl.fr>]
 
-  *) SECURITY: CVE-2007-5000 (cve.mitre.org)
-     mod_imagemap: Fix a cross-site scripting issue.  Reported by JPCERT.
-     [Joe Orton]  
-
 Changes with Apache 2.0.61
 
   *) SECURITY: CVE-2007-3847 (cve.mitre.org)