From 857799f9a1ade4bb86dc38989bfdcdb6643bc4c4 Mon Sep 17 00:00:00 2001
From: "William A. Rowe Jr" <wrowe@apache.org>
Date: Thu, 13 Mar 2014 18:39:10 +0000
Subject: [PATCH] User-facing CHANGES

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1577276 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/CHANGES b/CHANGES
index c67e8b0512e..dee8788eb3a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,12 @@ Changes with Apache 2.2.27
      logging truncated cookies.
      [William Rowe, Ruediger Pluem, Jim Jagielski]
 
+  *) SECURITY: CVE-2013-6438 (cve.mitre.org)
+     mod_dav: Keep track of length of cdata properly when removing
+     leading spaces. Eliminates a potential denial of service from
+     specifically crafted DAV WRITE requests
+     [Amin Tora <Amin.Tora neustar.biz>]
+
   *) core: draft-ietf-httpbis-p1-messaging-23 corrections regarding
      TE/CL conflicts. [Yann Ylavic <ylavic.dev gmail com>, Jim Jagielski]
 
-- 
2.47.2