This is worthy of a CVE name, thanks to Joe for the headsup and text

author Mark J. Cox <mjc@apache.org>

Fri, 4 Oct 2002 09:08:46 +0000 (09:08 +0000)

committer Mark J. Cox <mjc@apache.org>

Fri, 4 Oct 2002 09:08:46 +0000 (09:08 +0000)
author Mark J. Cox <mjc@apache.org>
Fri, 4 Oct 2002 09:08:46 +0000 (09:08 +0000)
committer Mark J. Cox <mjc@apache.org>
Fri, 4 Oct 2002 09:08:46 +0000 (09:08 +0000)
diff --git a/CHANGES b/CHANGES

index a447169537d52a707bfedf449c385a8d82b5be90..a6a7109db25f596fb45cd6cda5f14d913957361f 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -34,8 +34,9 @@ Changes with Apache 2.0.43
       could lead to an infinite loop.  PR 12705  
       [amund.elstad@ergo.no (Amund Elstad), Jeff Trawick]
  
-  *) SECURITY: Allow POST requests and CGI scripts to work when DAV 
-     is enabled on the location.  [Ryan Bloom]
+  *) SECURITY: CAN-2002-1156 (cve.mitre.org)
+      Fix the exposure of CGI source when a POST request is sent to 
+      a location where both DAV and CGI are enabled. [Ryan Bloom]
  
    *) Allow the UserDir directive to accept a list of directories.
       This matches what Apache 1.3 does.  Also add documentation for
author	Mark J. Cox <mjc@apache.org>
	Fri, 4 Oct 2002 09:08:46 +0000 (09:08 +0000)
committer	Mark J. Cox <mjc@apache.org>
	Fri, 4 Oct 2002 09:08:46 +0000 (09:08 +0000)