From: Jeff Trawick <trawick@apache.org>
Date: Thu, 6 Sep 2007 11:06:47 +0000 (+0000)
Subject: sync CHANGES entry for mod_autoindex CVE-2007-4465
X-Git-Tag: 2.0.62~101
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=175bc8e14fc2734cae7b8a01e91d676851b17769;p=thirdparty%2Fapache%2Fhttpd.git

sync CHANGES entry for mod_autoindex CVE-2007-4465
work-around with the 2.2.x entry


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@573218 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 82bdccbe0ee..2e8998fa6d3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -38,9 +38,10 @@ Changes with Apache 2.0.61
      number reporting.)  [William Rowe]
 
   *) mod_autoindex: Add in Type and Charset options to IndexOptions
-     directive. This allows the admin to explicitly set the
-     content-type and charset of the generated page.
-     [Jim Jagielski]
+     directive. This allows the admin to explicitly set the 
+     content-type and charset of the generated page and is therefore
+     a viable workaround for buggy browsers affected by CVE-2007-4465
+     (cve.mitre.org). [Jim Jagielski]
 
   *) main core: Emit errors during the initial apr_app_initialize()
      or apr_pool_create() (when apr-based error reporting is not ready).