-*- coding: utf-8 -*-
Changes with Apache 2.3.15
+ *) SECURITY: CVE-2011-3192 (cve.mitre.org)
+ core: Fix handling of byte-range requests to use less memory, to avoid
+ denial of service. If the sum of all ranges in a request is larger than
+ the original file, ignore the ranges and send the complete file.
+ PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener]
+
*) mod_ssl: revamp CRL-based revocation checking when validating
certificates of clients or proxied servers. Completely delegate
CRL processing to OpenSSL, and add a new [Proxy]CARevocationCheck
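Review bot: The SECURITY entry now placed at the head of the 2.3.15 section cites only PR 51714, yet the same section carries two related items further down: the regression fix (PR 51748) and the MaxRanges directive with its default limit of 200. Someone who reads only the pinned security item will not learn that the first fix needed a follow-up or that a tunable exists. Consider adding a short pointer to both in this entry, or moving those two entries up so they sit directly beneath it.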
*) Fix a regression in the CVE-2011-3192 byterange fix.
PR 51748. [low_priority <lowprio20 gmail.com>]
- *) SECURITY: CVE-2011-3192 (cve.mitre.org)
- core: Fix handling of byte-range requests to use less memory, to avoid
- denial of service. If the sum of all ranges in a request is larger than
- the original file, ignore the ranges and send the complete file.
- PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener]
-
*) core: Add MaxRanges directive to control the number of ranges permitted
before returning the entire resource, with a default limit of 200.
[Eric Covener]
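Review bot: Removing the CVE-2011-3192 block from this position reverses its order relative to the "Fix a regression in the CVE-2011-3192 byterange fix" entry. Before the change the regression entry sat directly above the fix it amends; afterwards the original fix is listed first in the section and the regression fix well below it, separated by the mod_ssl entry. If the intent is to pin SECURITY items to the top of the section, say so in the commit message, and consider keeping the PR 51748 entry adjacent to the moved block so the two read together.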