From 78213fd4cc088982096d4afb3fedc21bae6131eb Mon Sep 17 00:00:00 2001 From: "William A. Rowe Jr" Date: Mon, 9 Jan 2017 16:23:51 +0000 Subject: [PATCH] ** NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability. ** git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1778007 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index b109fe1c120..bdfffe218dc 100644 --- a/CHANGES +++ b/CHANGES @@ -41,10 +41,6 @@ Changes with Apache 2.4.24 (not released) [Naveen Tiwari and CDF/SEFCOM at Arizona State University, Stefan Eissing] - *) SECURITY: CVE-2016-5387 (cve.mitre.org) - core: Mitigate [f]cgi "httpoxy" issues. - [Dominic Scheirlinck , Yann Ylavic] - *) SECURITY: CVE-2016-2161 (cve.mitre.org) mod_auth_digest: Prevent segfaults during client entry allocation when the shared memory space is exhausted. @@ -66,6 +62,9 @@ Changes with Apache 2.4.24 (not released) pollution by malicious clients, upstream servers or faulty modules. [Stefan Fritsch, Eric Covener, Yann Ylavic] + *) core: Mitigate [f]cgi CVE-2016-5387 "httpoxy" issues. + [Dominic Scheirlinck , Yann Ylavic] + *) mod_rewrite: Limit runaway memory use by short circuiting some kinds of looping RewriteRules when the local path significantly exceeds LimitRequestLine. PR 60478. [Jeff Wheelhouse ] -- 2.47.2
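Review bot: In the first hunk (CHANGES, @@ -41,10 +41,6), deleting the `*) SECURITY: CVE-2016-5387 (cve.mitre.org)` entry means anyone who scans the 2.4.24 section for `SECURITY:` lines will no longer find the httpoxy mitigation, and the only explanation is the NOTE quoted in the commit subject. Consider putting a short summary line ahead of that NOTE in the commit message, for example "CHANGES: list the httpoxy mitigation as a regular entry, not a SECURITY entry", so the log states what changed as well as why.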
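Review bot: In the second hunk (@@ -66,6 +62,9), the new wording `core: Mitigate [f]cgi CVE-2016-5387 "httpoxy" issues.` places the identifier mid-phrase, where it still reads as the name of a vulnerability, which is what the commit message says it is not. Wording such as `core: Mitigate [f]cgi "httpoxy" issues (mitigation identifier CVE-2016-5387).` would keep the id searchable and make its status explicit. The contributor line is also carried over as `[Dominic Scheirlinck , Yann Ylavic]` with a space before the comma, which is worth tidying while the entry is being moved.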