Credits.

author Yann Ylavic <ylavic@apache.org>

Mon, 17 Jul 2017 11:06:52 +0000 (11:06 +0000)

committer Yann Ylavic <ylavic@apache.org>

Mon, 17 Jul 2017 11:06:52 +0000 (11:06 +0000)
author Yann Ylavic <ylavic@apache.org>
Mon, 17 Jul 2017 11:06:52 +0000 (11:06 +0000)
committer Yann Ylavic <ylavic@apache.org>
Mon, 17 Jul 2017 11:06:52 +0000 (11:06 +0000)
diff --git a/CHANGES b/CHANGES

index 3e443781a9b9c5e817b7a03f8d7cf483fc42d1d9..b3774e8b3f03f9728833adbf478a5a3213f04dd1 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -8,12 +8,14 @@ Changes with Apache 2.4.27
    *) SECURITY: CVE-2017-9789 (cve.mitre.org)
       mod_http2: Read after free. When under stress, closing many connections,
       the HTTP/2 handling code would sometimes access memory after it has been
-     freed, resulting in potentially erratic behaviour. 
+     freed, resulting in potentially erratic behaviour.
+     [Stefan Eissing]
  
    *) SECURITY: CVE-2017-9788 (cve.mitre.org)
       mod_auth_digest: Uninitialized memory reflection.  The value placeholder
       in [Proxy-]Authorization headers type 'Digest' was not initialized or
       reset before or between successive key=value assignments.
+     [William Rowe]
  
    *) COMPATIBILITY: mod_lua: Remove the undocumented exported 'apr_table'
       global variable when using Lua 5.2 or later. This was exported as a
author	Yann Ylavic <ylavic@apache.org>
	Mon, 17 Jul 2017 11:06:52 +0000 (11:06 +0000)
committer	Yann Ylavic <ylavic@apache.org>
	Mon, 17 Jul 2017 11:06:52 +0000 (11:06 +0000)