From: Jeff Trawick <trawick@apache.org>
Date: Tue, 18 Nov 2014 13:13:58 +0000 (+0000)
Subject: mod_authnz_fcgi is not vulnerable to the CVE-2014-3583 bug
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=894cf92e7e7aa0cb5139d390d97107a0237c9405;p=thirdparty%2Fapache%2Fhttpd.git

mod_authnz_fcgi is not vulnerable to the CVE-2014-3583 bug
(and it is too late to use the same CVE anyway).

The code changes to mod_authnz_fcgi are retained in order
to keep the similar code in sync between the two modules.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1640331 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 904dcfdde9b..00f5887df05 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,8 +2,8 @@
 Changes with Apache 2.5.0
   
   *) SECURITY: CVE-2014-3583 (cve.mitre.org)
-     mod_proxy_fcgi, mod_authnz_fcgi: Fix a potential crash with response
-     headers' size above 8K. [Teguh <chain rop.io>, Yann Ylavic, Jeff Trawick]
+     mod_proxy_fcgi: Fix a potential crash with response headers' size above 
+     8K. [Teguh <chain rop.io>, Yann Ylavic, Jeff Trawick]
 
   *) mod_proxy_fcgi, mod_authnz_fcgi: stop reading the response and issue an
      error when parsing or forwarding the response fails. [Yann Ylavic]