Note that PR 39605 is fixed by the CVE-2009-1891 patches.

(thanks Jeff)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@791459 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index d12c9d7872ddfd60a3b555940c8a7aa9171e7578..8aef4dddb53badf9e23869506374b5926c51f5c8 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,8 @@ Changes with Apache 2.2.12
   *) SECURITY: CVE-2009-1891 (cve.mitre.org)
      Fix a potential Denial-of-Service attack against mod_deflate or other 
      modules, by forcing the server to consume CPU time in compressing a 
-     large file after a client disconnects.  [Joe Orton, Ruediger Pluem]
+     large file after a client disconnects.  PR 39605.
+     [Joe Orton, Ruediger Pluem]
 
   *) SECURITY: CVE-2009-1195 (cve.mitre.org)
      Prevent the "Includes" Option from being enabled in an .htaccess