From: Yann Ylavic <ylavic@apache.org>
Date: Mon, 17 Jul 2017 11:04:08 +0000 (+0000)
Subject: Add the CHANGES' security entry for 2.2.34.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dc2b649bd2ea325642e17c332bf09077097172b2;p=thirdparty%2Fapache%2Fhttpd.git

Add the CHANGES' security entry for 2.2.34.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1802128 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index e9d5f5007d9..8c308069a5e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,12 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.2.34 (final)
 
+  *) SECURITY: CVE-2017-9788 (cve.mitre.org)
+     mod_auth_digest: Uninitialized memory reflection.  The value placeholder
+     in [Proxy-]Authorization headers type 'Digest' was not initialized or
+     reset before or between successive key=value assignments.
+     [William Rowe]
+
   *) Allow single-char field names inadvertantly disallowed in 2.2.32.
      PR 61220. [Yann Ylavic]