From: Stefan Fritsch <sf@apache.org>
Date: Fri, 8 Oct 2010 18:56:59 +0000 (+0000)
Subject: The vulnerable code was not in 2.2.16's mod_reqtimeout, therefore we
X-Git-Tag: 2.2.17~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9e741f07950d52d9837167f4373cdf5a52a5a41d;p=thirdparty%2Fapache%2Fhttpd.git

The vulnerable code was not in 2.2.16's mod_reqtimeout, therefore we
don't need to mention CVE-2010-1623 in the changelog.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1005957 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 9282c03c718..92ccdee6d6e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,10 +1,6 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.2.17
 
-  *) SECURITY: CVE-2010-1623 (cve.mitre.org)
-     Fix a denial of service attack against mod_reqtimeout.
-     [Stefan Fritsch]
-
   *) mod_reqtimeout: Do not wrongly enforce timeouts for mod_proxy's backend
      connections and other protocol handlers (like mod_ftp). Enforce the
      timeout for AP_MODE_GETLINE. If there is a timeout, shorten the lingering