Changes with Apache 2.3.0
[ When backported to 2.2.x, remove entry from this file ]
- *) SECURITY: CVE-2007-6388 (cve.mitre.org)
- mod_status: Ensure refresh parameter is numeric to prevent
- a possible XSS attack caused by redirecting to other URLs.
- Reported by SecurityReason. [Mark Cox, Joe Orton]
-
- *) SECURITY: CVE-2007-6421 (cve.mitre.org)
- mod_proxy_balancer: Correctly escape the worker route and the worker
- redirect string in the HTML output of the balancer manager.
- Reported by SecurityReason. [Ruediger Pluem]
-
- *) SECURITY: CVE-2007-6422 (cve.mitre.org)
- Prevent crash in balancer manager if invalid balancer name is passed
- as parameter. Reported by SecurityReason. [Ruediger Pluem]
-
*) Introduce the ProxyFtpDirCharset directive, allowing the administrator
to identify a default, or specific servers or paths which list their
contents in other-than ISO-8859-1 charset (e.g. utf-8). [Ruediger Pluem]
*) mod_dav: Fix evaluation of If-Match * and If-None-Match * conditionals.
PR 38034 [Paritosh Shah <shah.paritosh gmail.com>]
- *) mod_dav: Adjust etag generation to produce identical results on 32-bit
- and 64-bit platforms and avoid a regression with conditional PUT's on lock
- and etag. PR 44152.
- [Michael Clark <michael metaparadigm.com>, Ruediger Pluem]
-
*) mod_deflate: Transform ETag when transforming the entity.
PR 39727 [Henrik Nordstrom <hno squid-cache.org>, Nick Kew]
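Review bot: the removal of the three SECURITY entries (CVE-2007-6388, CVE-2007-6421, CVE-2007-6422) and of the mod_dav etag entry (PR 44152) gives no pointer to where those entries now live. The file header, "[ When backported to 2.2.x, remove entry from this file ]", implies they were backported, but nothing in the visible lines names the 2.2.x release or backport revision. Please state that in the commit message so that anyone tracing these CVE fixes through this file's history can confirm each entry is present in the 2.2.x CHANGES before it disappears here. It is also worth checking that all four removed entries were actually backported, since they are dropped together while the neighbouring mod_dav If-Match entry (PR 38034) and the mod_deflate entry (PR 39727) stay.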