Go through the list of allocated CVE names for httpd related issues and

fix up CHANGES to match.  Still got four older issues in my queue to
add in here.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@264758 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index d1942deb7451eda44cb26a24660db81288784f33..683c5bd75b9311ba8f3916027ca89a50cfd0f4e2 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -16,7 +16,8 @@ Changes with Apache 2.0.55
      (or if it didn't succeed) for non-authoritative cases.
      [Jim Jagielski]
 
-  *) Fix cases where the byterange filter would buffer responses
+  *) SECURITY: CAN-2005-2728 (cve.mitre.org)
+     Fix cases where the byterange filter would buffer responses
      into memory.  PR 29962.  [Joe Orton]
 
   *) mod_proxy: Fix over-eager handling of '%' for reverse proxies.
@@ -33,7 +34,7 @@ Changes with Apache 2.0.55
 
   *) mod_ssl: Fix build with OpenSSL 0.9.8.  PR 35757.  [William Rowe]
 
-  *) SECURITY: CAN-2005-2088
+  *) SECURITY: CAN-2005-2088 (cve.mitre.org)
      core: If a request contains both Transfer-Encoding and Content-Length
      headers, remove the Content-Length, mitigating some HTTP Request 
      Splitting/Spoofing attacks.  [Paul Querna, Joe Orton]
@@ -1247,7 +1248,8 @@ Changes with Apache 2.0.46
      names faulted the running OS2 worker process.  The fix is
      actually in APR 0.9.4.  [Brian Havard]
 
-  *) Forward port: Escape special characters (especially control
+  *) SECURITY: CAN-2003-0083 (cve.mitre.org)
+     Forward port: Escape special characters (especially control
      characters) in mod_log_config to make a clear distinction between
      client-supplied strings (with special characters) and server-side
      strings. This was already introduced in version 1.3.25.