Add reference to the security issue fixed now that APR v1.3.9 is

author Graham Leggett <minfrin@apache.org>

Wed, 23 Sep 2009 22:24:00 +0000 (22:24 +0000)

committer Graham Leggett <minfrin@apache.org>

Wed, 23 Sep 2009 22:24:00 +0000 (22:24 +0000)
author Graham Leggett <minfrin@apache.org>
Wed, 23 Sep 2009 22:24:00 +0000 (22:24 +0000)
committer Graham Leggett <minfrin@apache.org>
Wed, 23 Sep 2009 22:24:00 +0000 (22:24 +0000)
diff --git a/CHANGES b/CHANGES

index 8783b5297a19ed7fe431ca18cc517bf6d8bdf097..7b39051b7bc84b8bce6045095fec792763708427 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,11 @@
                                                           -*- coding: utf-8 -*-
  Changes with Apache 2.2.14
  
+  *) SECURITY: CVE-2009-2699 (cve.mitre.org)
+     Fixed in APR 1.3.9.  Faulty error handling in the Solaris pollset support
+     (Event Port backend) which could trigger hangs in the prefork and event
+     MPMs on that platform.  PR 47645.  [Jeff Trawick]
+
    *) SECURITY: CVE-2009-3095 (cve.mitre.org)
       mod_proxy_ftp: sanity check authn credentials.
       [Stefan Fritsch <sf fritsch.de>, Joe Orton]
author	Graham Leggett <minfrin@apache.org>
	Wed, 23 Sep 2009 22:24:00 +0000 (22:24 +0000)
committer	Graham Leggett <minfrin@apache.org>
	Wed, 23 Sep 2009 22:24:00 +0000 (22:24 +0000)