Add note about the APR-util security fixes.

author Joe Orton <jorton@apache.org>

Thu, 18 Jun 2009 09:22:59 +0000 (09:22 +0000)

committer Joe Orton <jorton@apache.org>

Thu, 18 Jun 2009 09:22:59 +0000 (09:22 +0000)
author Joe Orton <jorton@apache.org>
Thu, 18 Jun 2009 09:22:59 +0000 (09:22 +0000)
committer Joe Orton <jorton@apache.org>
Thu, 18 Jun 2009 09:22:59 +0000 (09:22 +0000)
diff --git a/CHANGES b/CHANGES

index 90b54e26f1c71d76c7e7f791f810543ad7ee3ae7..bf6b31af6c23eee3722a6518657c4d34c1eca8c7 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -11,6 +11,11 @@ Changes with Apache 2.2.12
       mod_proxy_ajp: Avoid delivering content from a previous request which
       failed to send a request body. PR 46949 [Ruediger Pluem]
  
+  *) SECURITY: CVE-2009-0023, CVE-2009-1955, CVE-2009-1956 (cve.mitre.org)
+     The bundled copy of the APR-util library has been updated, fixing three
+     different security issues which may affect particular configurations
+     and third-party modules.
+
    *) mod_proxy: Complete ProxyPassReverse to handle balancer URL's.  Given;
         BalancerMember balancer://alias http://example.com/foo
         ProxyPassReverse /bash balancer://alias/bar
author	Joe Orton <jorton@apache.org>
	Thu, 18 Jun 2009 09:22:59 +0000 (09:22 +0000)
committer	Joe Orton <jorton@apache.org>
	Thu, 18 Jun 2009 09:22:59 +0000 (09:22 +0000)