Add the CHANGES' security entry for 2.2.34.

author Yann Ylavic <ylavic@apache.org>

Mon, 17 Jul 2017 11:04:08 +0000 (11:04 +0000)

committer Yann Ylavic <ylavic@apache.org>

Mon, 17 Jul 2017 11:04:08 +0000 (11:04 +0000)
author Yann Ylavic <ylavic@apache.org>
Mon, 17 Jul 2017 11:04:08 +0000 (11:04 +0000)
committer Yann Ylavic <ylavic@apache.org>
Mon, 17 Jul 2017 11:04:08 +0000 (11:04 +0000)
diff --git a/CHANGES b/CHANGES

index e9d5f5007d995779da2a888f28f621f532ffd260..8c308069a5e28b0206b41c5e50b51e80591659c0 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,12 @@
                                                           -*- coding: utf-8 -*-
  Changes with Apache 2.2.34 (final)
  
+  *) SECURITY: CVE-2017-9788 (cve.mitre.org)
+     mod_auth_digest: Uninitialized memory reflection.  The value placeholder
+     in [Proxy-]Authorization headers type 'Digest' was not initialized or
+     reset before or between successive key=value assignments.
+     [William Rowe]
+
    *) Allow single-char field names inadvertantly disallowed in 2.2.32.
       PR 61220. [Yann Ylavic]
author	Yann Ylavic <ylavic@apache.org>
	Mon, 17 Jul 2017 11:04:08 +0000 (11:04 +0000)
committer	Yann Ylavic <ylavic@apache.org>
	Mon, 17 Jul 2017 11:04:08 +0000 (11:04 +0000)