From: Joe Orton <jorton@apache.org>
Date: Thu, 18 Jun 2009 09:22:59 +0000 (+0000)
Subject: Add note about the APR-util security fixes.
X-Git-Tag: 2.2.12~78
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b19d8ddf164d02c27635bd34dc949cf2a273f685;p=thirdparty%2Fapache%2Fhttpd.git

Add note about the APR-util security fixes.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@785982 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 90b54e26f1c..bf6b31af6c2 100644
--- a/CHANGES
+++ b/CHANGES
@@ -11,6 +11,11 @@ Changes with Apache 2.2.12
      mod_proxy_ajp: Avoid delivering content from a previous request which
      failed to send a request body. PR 46949 [Ruediger Pluem]
 
+  *) SECURITY: CVE-2009-0023, CVE-2009-1955, CVE-2009-1956 (cve.mitre.org)
+     The bundled copy of the APR-util library has been updated, fixing three
+     different security issues which may affect particular configurations
+     and third-party modules.
+
   *) mod_proxy: Complete ProxyPassReverse to handle balancer URL's.  Given;
        BalancerMember balancer://alias http://example.com/foo
        ProxyPassReverse /bash balancer://alias/bar