From: Joe Orton <jorton@apache.org>
Date: Thu, 19 Jul 2007 12:57:24 +0000 (+0000)
Subject: Tweak changes entry for -3304 fix.
X-Git-Tag: 2.0.60~17
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5b7e10bdee25d885d572f88beabb275154af40cd;p=thirdparty%2Fapache%2Fhttpd.git

Tweak changes entry for -3304 fix.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@557606 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 805d69c3505..6162bf8ff38 100644
--- a/CHANGES
+++ b/CHANGES
@@ -11,9 +11,9 @@ Changes with Apache 2.0.60
      perform charset "detection".  Reported by Stefan Esser.  [Joe Orton]
 
   *) SECURITY: CVE-2007-3304 (cve.mitre.org)
-     scoreboard pid protection fixes -- the only fix for 2.0.x is
-     to ensure a valid positive pid is passed to apr_proc_wait(); 
-     the MPMs do not kill children directly as in 2.2.x.
+     prefork, worker MPMs: Ensure that the parent process cannot
+     be forced to kill processes outside its process group. 
+     [Joe Orton, Jim Jagielski]
 
   *) mod_so: Solve dev's confusion by reporting expected/seen module
      magic signatures when failing with a 'garbled' message, and solve