From: William A. Rowe Jr <wrowe@apache.org>
Date: Thu, 13 Mar 2014 18:39:10 +0000 (+0000)
Subject: User-facing CHANGES
X-Git-Tag: 2.2.27~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=857799f9a1ade4bb86dc38989bfdcdb6643bc4c4;p=thirdparty%2Fapache%2Fhttpd.git

User-facing CHANGES

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1577276 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index c67e8b0512e..dee8788eb3a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,12 @@ Changes with Apache 2.2.27
      logging truncated cookies.
      [William Rowe, Ruediger Pluem, Jim Jagielski]
 
+  *) SECURITY: CVE-2013-6438 (cve.mitre.org)
+     mod_dav: Keep track of length of cdata properly when removing
+     leading spaces. Eliminates a potential denial of service from
+     specifically crafted DAV WRITE requests
+     [Amin Tora <Amin.Tora neustar.biz>]
+
   *) core: draft-ietf-httpbis-p1-messaging-23 corrections regarding
      TE/CL conflicts. [Yann Ylavic <ylavic.dev gmail com>, Jim Jagielski]