- -*- coding: utf-8 -*-
+ -*- coding: utf-8 -*-
Changes with Apache 2.3.15
*) SECURITY: CVE-2011-3192 (cve.mitre.org)
core: Fix handling of byte-range requests to use less memory, to avoid
denial of service. If the sum of all ranges in a request is larger than
the original file, ignore the ranges and send the complete file.
- PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener]
+ PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener,
+ <lowprio20 gmail.com>]
*) mod_ldap: Optional function uldap_ssl_supported(r) always returned false
if called from a virtual host with mod_ldap directives in it. Did not
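Review bot: the contributor added to the CVE-2011-3192 credit list appears only as a bare address, <lowprio20 gmail.com>, while the other credits in that bracket are names. The regression entry removed further down credited the same person as "low_priority <lowprio20 gmail.com>", so carry that form into the merged credit line. Separately, the "-*- coding: utf-8 -*-" line is changed with no visible difference, so confirm that the whitespace or invisible-byte change on that line is intended.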
CRL processing to OpenSSL, and add a new [Proxy]CARevocationCheck
directive for controlling the revocation checking mode. [Kaspar Brand]
- *) Fix a regression in the CVE-2011-3192 byterange fix.
- PR 51748. [low_priority <lowprio20 gmail.com>]
-
*) core: Add MaxRanges directive to control the number of ranges permitted
before returning the entire resource, with a default limit of 200.
[Eric Covener]
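Review bot: removing the standalone "Fix a regression in the CVE-2011-3192 byterange fix" entry drops the PR 51748 reference from the changelog, because the CVE-2011-3192 entry that absorbs the credit still cites only PR 51714. Add the second PR number to the merged entry, for example "PR 51714, 51748.", so the regression fix stays traceable for anyone checking which byterange fixes a given build contains.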