From: William A. Rowe Jr Date: Tue, 9 Jul 2013 18:08:01 +0000 (+0000) Subject: Note security implication X-Git-Tag: 2.2.26~55 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=151dadbef9652e4625f95e46bc954fc62c78072c;p=thirdparty%2Fapache%2Fhttpd.git Note security implication git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1501414 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 96bb196e512..cf958010b9c 100644 --- a/CHANGES +++ b/CHANGES @@ -7,6 +7,12 @@ Changes with Apache 2.2.26 Changes with Apache 2.2.25 + *) SECURITY: CVE-2013-1896 (cve.mitre.org) + mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with + the source href (sent as part of the request body as XML) pointing to a + URI that is not configured for DAV will trigger a segfault. [Ben Reser + ] + *) SECURITY: CVE-2013-1862 (cve.mitre.org) mod_rewrite: Ensure that client data written to the RewriteLog is escaped to prevent terminal escape sequences from entering the @@ -47,11 +53,6 @@ Changes with Apache 2.2.25 *) htdigest: Fix buffer overflow when reading digest password file with very long lines. PR 54893. [Rainer Jung] - *) mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with - the source href (sent as part of the request body as XML) pointing to a - URI that is not configured for DAV will trigger a segfault. [Ben Reser - ] - *) mod_dav: Ensure URI is correctly uriencoded on return. PR 54611 [Timothy Wood ]
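Review bot: In the first CHANGES hunk (@@ -7,6 +7,12), the new CVE-2013-1896 entry describes only the trigger ("will trigger a segfault") and never says what was changed or what the security consequence of the crash is. The CVE-2013-1862 entry directly below it is worded as the fix ("Ensure that client data written to the RewriteLog is escaped ..."). Since the point of this commit is to flag the security implication, consider rewording the mod_dav entry the same way: state what the code now does with a source href that points to a URI not configured for DAV, and name the impact of the segfault explicitly, so a reader scanning the SECURITY items can judge exposure without opening the CVE.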
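Review bot: The second CHANGES hunk (@@ -47,11 +53,6) removes the plain mod_dav MERGE entry whose text matches the one added under SECURITY in the first hunk, so the move itself loses nothing, but the log message "Note security implication" names neither the module nor the CVE. Consider putting "mod_dav" and "CVE-2013-1896" in the subject line so the reclassification of this entry can be found from the history by searching for the CVE identifier.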