From: Stefan Fritsch Date: Wed, 25 Jan 2012 18:56:45 +0000 (+0000) Subject: Add reference to CVE-2012-0021 X-Git-Tag: 2.2.22~7 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a3682707c73cb53b5fe25db6c11322697d5d1f99;p=thirdparty%2Fapache%2Fhttpd.git Add reference to CVE-2012-0021 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1235875 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index efa6cd94893..b749c37b0d7 100644 --- a/CHANGES +++ b/CHANGES @@ -27,8 +27,11 @@ Changes with Apache 2.2.22 is enabled, could allow local users to gain privileges via a .htaccess file. [Stefan Fritsch, Greg Ames] - *) mod_log_config: Fix segfault when logging nameless, valueless cookie. - PR 52256. [Stefan Fritsch] + *) SECURITY: CVE-2012-0021 (cve.mitre.org) + mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format + string is in use and a client sends a nameless, valueless cookie, causing + a denial of service. The issue existed since version 2.2.17. PR 52256. + [Stefan Fritsch] *) mod_proxy_ajp: Try to prevent a single long request from marking a worker in error. [Jean-Frederic Clere]
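Review bot: in the added SECURITY entry, the trailing clause "causing a denial of service" hangs off "a client sends a nameless, valueless cookie", so the sentence can be read as the fix, rather than the segfault, producing the denial of service. Consider putting the impact first, for example "mod_log_config: Fix denial of service (segfault) when the '%{cookiename}C' log format string is in use and a client sends a nameless, valueless cookie." Also, "The issue existed since version 2.2.17" gives only the start of the affected range; the entry sits under "Changes with Apache 2.2.22", so stating the range explicitly would save readers from inferring the fixed version from the section heading. Finally, the commit subject says only "Add reference to CVE-2012-0021", while the hunk also rewrites the description (trigger condition, impact, first affected version); saying so in the commit message would make the change easier to find later.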