From baa43091004b17001bb25c3ee28aec6ba75ac7d5 Mon Sep 17 00:00:00 2001
From: "William A. Rowe Jr" <wrowe@apache.org>
Date: Thu, 6 Aug 2009 07:33:32 +0000
Subject: [PATCH] Two notable notes

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@801528 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index d4286620aed..1ebd9dcb48c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,15 @@
-                                                         -*- coding: utf-8 -*-
+                                                         -*- coding: utf-8 -*-
 Changes with Apache 2.2.13
 
+  *) SECURITY: CVE-2009-2412 (cve.mitre.org)
+     Distributed with APR 1.3.8 and APR-util 1.3.9 to fix potential overflow
+     in pools and rmm, where size alignment was taking place.
+     [Matt Lewis <mattlewis@google.com>, Sander Striker]
+
+  *) mod_ssl, ab: improve compatibility with OpenSSL 1.0.0 betas.  Report
+     warnings compiling mod_ssl against OpenSSL to the httpd developers.
+     [Guenter Knauf]
+
   *) mod_cgid: Do not add an empty argument when calling the CGI script.
      PR 46380 [Ruediger Pluem]
 
-- 
2.47.2