mod_authnz_fcgi is not vulnerable to the CVE-2014-3583 bug

(and it is too late to use the same CVE anyway).

The code changes to mod_authnz_fcgi are retained in order
to keep the similar code in sync between the two modules.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1640331 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 904dcfdde9bac49223f686a873db1d88cc43dbc6..00f5887df054af769c3f53ca990cbf285b0e12fc 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,8 +2,8 @@
 Changes with Apache 2.5.0
   
   *) SECURITY: CVE-2014-3583 (cve.mitre.org)
-     mod_proxy_fcgi, mod_authnz_fcgi: Fix a potential crash with response
-     headers' size above 8K. [Teguh <chain rop.io>, Yann Ylavic, Jeff Trawick]
+     mod_proxy_fcgi: Fix a potential crash with response headers' size above 
+     8K. [Teguh <chain rop.io>, Yann Ylavic, Jeff Trawick]
 
   *) mod_proxy_fcgi, mod_authnz_fcgi: stop reading the response and issue an
      error when parsing or forwarding the response fails. [Yann Ylavic]