From: Colm MacCarthaigh Date: Tue, 24 Jan 2006 23:10:24 +0000 (+0000) Subject: re-order the changelog so that anything with a CVE comes first. X-Git-Tag: 2.0.56~74 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e4d3a56d626006daa693a083ae75371b38539598;p=thirdparty%2Fapache%2Fhttpd.git re-order the changelog so that anything with a CVE comes first. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@372052 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 92eaa8e9870..f3581605e59 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,19 @@ -*- coding: utf-8 -*- Changes with Apache 2.0.56 + *) SECURITY: CVE-2005-3357 (cve.mitre.org) + mod_ssl: Fix a possible crash during access control checks if a + non-SSL request is processed for an SSL vhost (such as the + "HTTP request received on SSL port" error message when an 400 + ErrorDocument is configured, or if using "SSLEngine optional"). + PR 37791. [Rüdiger Plüm, Joe Orton] + + *) SECURITY: CVE-2005-3352 (cve.mitre.org) + mod_imap: Escape untrusted referer header before outputting in HTML + to avoid potential cross-site scripting. Change also made to + ap_escape_html so we escape quotes. Reported by JPCERT. + [Mark Cox] + *) mod_cgid: Refuse to work on Solaris 10 due to OS bugs. PR 34264. [Justin Erenkrantz] @@ -36,13 +49,6 @@ Changes with Apache 2.0.56 *) Write message to error log if AuthGroupFile cannot be opened. PR 37566. [Rüdiger Plüm] - *) SECURITY: CVE-2005-3357 (cve.mitre.org) - mod_ssl: Fix a possible crash during access control checks if a - non-SSL request is processed for an SSL vhost (such as the - "HTTP request received on SSL port" error message when an 400 - ErrorDocument is configured, or if using "SSLEngine optional"). - PR 37791. [Rüdiger Plüm, Joe Orton] - *) Add ReceiveBufferSize directive to control the TCP receive buffer. [Eric Covener ] 
@@ -64,12 +70,6 @@ Changes with Apache 2.0.56 *) Chunk filter: Fix chunk filter to create correct chunks in the case that a flush bucket is surrounded by data buckets. [Ruediger Pluem] - *) SECURITY: CVE-2005-3352 (cve.mitre.org) - mod_imap: Escape untrusted referer header before outputting in HTML - to avoid potential cross-site scripting. Change also made to - ap_escape_html so we escape quotes. Reported by JPCERT. - [Mark Cox] - *) mod_cgi(d): Remove block on OPTIONS method so that scripts can respond to OPTIONS directly rather than via server default. [Roy Fielding] PR 15242
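Review bot: In the first hunk (@@ -1,6 +1,19 @@), nothing in CHANGES itself records that SECURITY/CVE entries go first, so the next entry added at the top of the 2.0.56 section will silently undo the ordering. Consider a short line under the "Changes with Apache 2.0.56" heading stating the convention, including whether CVE entries are ordered among themselves (here CVE-2005-3357 precedes CVE-2005-3352). The re-added text also carries over "an 400 ErrorDocument", which should read "a 400 ErrorDocument"; that fix is best made in a separate commit so this one stays a pure move.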
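Review bot: In the third hunk (@@ -64,12 +70,6 @@), the context line above the removed entry credits "[Ruediger Pluem]" while the entries moved by this patch credit "[Rüdiger Plüm]"; since the file's first line declares utf-8, one spelling of the name should be used throughout. The trailing context also places "PR 15242" after the "[Roy Fielding]" attribution, whereas the other entries shown put the PR before the bracketed name. Neither is introduced by this change, but both are worth a follow-up cleanup now that the section is being reordered.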