Two notable notes

author William A. Rowe Jr <wrowe@apache.org>

Thu, 6 Aug 2009 07:33:32 +0000 (07:33 +0000)

committer William A. Rowe Jr <wrowe@apache.org>

Thu, 6 Aug 2009 07:33:32 +0000 (07:33 +0000)
author William A. Rowe Jr <wrowe@apache.org>
Thu, 6 Aug 2009 07:33:32 +0000 (07:33 +0000)
committer William A. Rowe Jr <wrowe@apache.org>
Thu, 6 Aug 2009 07:33:32 +0000 (07:33 +0000)
diff --git a/CHANGES b/CHANGES

index d4286620aed5cf5f6954568c3dfd3a1fdfc48820..1ebd9dcb48c25c9bd5e5436d14b3bf22eb5a7536 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,15 @@
-                                                         -*- coding: utf-8 -*-
+                                                         -*- coding: utf-8 -*-
  Changes with Apache 2.2.13
  
+  *) SECURITY: CVE-2009-2412 (cve.mitre.org)
+     Distributed with APR 1.3.8 and APR-util 1.3.9 to fix potential overflow
+     in pools and rmm, where size alignment was taking place.
+     [Matt Lewis <mattlewis@google.com>, Sander Striker]
+
+  *) mod_ssl, ab: improve compatibility with OpenSSL 1.0.0 betas.  Report
+     warnings compiling mod_ssl against OpenSSL to the httpd developers.
+     [Guenter Knauf]
+
    *) mod_cgid: Do not add an empty argument when calling the CGI script.
       PR 46380 [Ruediger Pluem]
author	William A. Rowe Jr <wrowe@apache.org>
	Thu, 6 Aug 2009 07:33:32 +0000 (07:33 +0000)
committer	William A. Rowe Jr <wrowe@apache.org>
	Thu, 6 Aug 2009 07:33:32 +0000 (07:33 +0000)