granicus.if.org Git - apache/commitdiff
add entry for r1179239 (CVE-2011-3368)
author Jeff Trawick <trawick@apache.org>
Thu, 19 Jan 2012 22:32:09 +0000 (22:32 +0000)
committer Jeff Trawick <trawick@apache.org>
Thu, 19 Jan 2012 22:32:09 +0000 (22:32 +0000)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1233611 13f79535-47bb-0310-9956-ffa450edef68

CHANGES

diff --git a/CHANGES b/CHANGES
index 713d756e3b7e7c9381f3a9a1f27dccc64382453a..575b148527aa51fb9e1ceb4c4215b20c650e21ac 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -153,6 +153,11 @@ Changes with Apache 2.3.15
      core: Fix integer overflow in ap_pregsub. This can be triggered e.g.
      with mod_setenvif via a malicious .htaccess. [Stefan Fritsch]
 
+  *) SECURITY: CVE-2011-3368 (cve.mitre.org)
+     Reject requests where the request-URI does not match the HTTP
+     specification, preventing unexpected expansion of target URLs in
+     some reverse proxy configurations.  [Joe Orton]
+
   *) configure: Load all modules in the generated default configuration
      when using --enable-load-all-modules. [Rainer Jung]
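
Review bot: The new CVE-2011-3368 entry says requests are rejected when the request-URI "does not match the HTTP specification" but does not say which request-URI forms are accepted, so an administrator running a reverse proxy cannot tell from CHANGES alone which requests will now be refused or which configurations are the affected ones. Suggest stating the accepted forms explicitly and naming what "some reverse proxy configurations" refers to. The entry also lacks the subsystem prefix that the neighbouring entries carry ("core:", "configure:"); adding one after the SECURITY line would keep the section consistent and make clear where the check lives. Finally, the entry is filed under "Changes with Apache 2.3.15" while the commit message refers to r1179239; worth confirming that this is the release in which that revision first shipped on this branch.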