From: Joe Orton <jorton@apache.org>
Date: Tue, 17 Jul 2007 15:11:39 +0000 (+0000)
Subject: Move up the -1862 fix.
X-Git-Tag: 2.2.5~153
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5af62ed0a1e321f64846f3f784bea25878ad3fda;p=thirdparty%2Fapache%2Fhttpd.git

Move up the -1862 fix.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@556942 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index f75bcd7b2ec..6298dc1fb0e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -16,17 +16,17 @@ Changes with Apache 2.2.5
      server-status page and ExtendedStatus enabled, for browsers which
      perform charset "detection".  Reported by Stefan Esser.  [Joe Orton]
 
+  *) SECURITY: CVE-2007-1862 (cve.mitre.org)
+     mod_mem_cache: Copy headers into longer lived storage; header names and
+     values could previously point to cleaned up storage.  PR 41551.
+     [Davi Arnaut <davi haxent.com.br>]
+
   *) mod_cache: Do not set Date or Expires when they are missing from
      the original response or are invalid.  [Justin Erenkrantz]
 
   *) mod_cache: Correctly handle HEAD requests on expired cache content.
      PR 41230.  [Niklas Edmundsson <nikke acc.umu.se>]
 
-  *) SECURITY: CVE-2007-1862 (cve.mitre.org)
-     mod_mem_cache: Copy headers into longer lived storage; header names and
-     values could previously point to cleaned up storage
-     PR 41551 [Davi Arnaut <davi haxent.com.br>]
-
   *) mod_cache: Let Cache-Control max-age set the expiration of the cached
      representation if Expires is not set.  [Justin Erenkrantz]