From: Eric Covener Date: Tue, 12 May 2009 13:23:01 +0000 (+0000) Subject: move SECURITY to top X-Git-Tag: 2.2.12~131 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ec2261b76c1c3b0d1a5b7184a3d5ebe91fafde7c;p=thirdparty%2Fapache%2Fhttpd.git move SECURITY to top git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773882 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index c57757aabf5..f1cc3144474 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,12 @@ -*- coding: utf-8 -*- Changes with Apache 2.2.12 + *) SECURITY: CVE-2009-1195 (cve.mitre.org) + Prevent the "Includes" Option from being enabled in an .htaccess + file if the AllowOverride restrictions do not permit it. + [Jonathan Peatfield , Joe Orton, + Ruediger Pluem] + *) SECURITY: CVE-2009-1191 (cve.mitre.org) mod_proxy_ajp: Avoid delivering content from a previous request which failed to send a request body. PR 46949 [Ruediger Pluem] @@ -15,12 +21,6 @@ Changes with Apache 2.2.12 *) mod_rewrite: When evaluating a proxy rule in directory context, do escape the filename by default. PR 46428 [Joe Orton] - *) SECURITY: CVE-2009-1195 (cve.mitre.org) - Prevent the "Includes" Option from being enabled in an .htaccess - file if the AllowOverride restrictions do not permit it. - [Jonathan Peatfield , Joe Orton, - Ruediger Pluem] - *) mod_proxy_ajp: Check more strictly that the backend follows the AJP protocol. [Mladen Turk]
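Review bot: In the first hunk (@@ -1,6 +1,12 @@), the added credit line reads "[Jonathan Peatfield , Joe Orton," with a space before the comma, which suggests something was dropped between the name and the comma; restore it or remove the stray space so the attribution is clean. The CVE-2009-1195 entry also names no component, while the CVE-2009-1191 entry directly below it leads with "mod_proxy_ajp:". A short prefix saying which part of the server enforces the AllowOverride restriction would help administrators scanning CHANGES decide whether their .htaccess setup is affected.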
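Review bot: The removal in the second hunk (@@ -15,12 +21,6 @@) is explained only by the subject "move SECURITY to top", which names neither the entry being moved (CVE-2009-1195) nor the ordering rule behind the move. The six removed lines match the six added in the first hunk line for line, so nothing is lost, but the commit message should say that SECURITY entries are grouped first within the 2.2.12 section, so that later CVE entries are placed there from the start and the history shows this was a reorder with no text change.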