Add attribution and CVE notices.

author Graham Leggett <minfrin@apache.org>

Mon, 14 Sep 2009 20:55:40 +0000 (20:55 +0000)

committer Graham Leggett <minfrin@apache.org>

Mon, 14 Sep 2009 20:55:40 +0000 (20:55 +0000)
author Graham Leggett <minfrin@apache.org>
Mon, 14 Sep 2009 20:55:40 +0000 (20:55 +0000)
committer Graham Leggett <minfrin@apache.org>
Mon, 14 Sep 2009 20:55:40 +0000 (20:55 +0000)
diff --git a/CHANGES b/CHANGES

index 1511df204519bc65a29ec1967dd8185bd0a9f2d6..737ae3da17a044a26b7cb94cb1ce0a41a6122d8b 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,12 @@
  
  Changes with Apache 2.3.3
  
+  *) CVE-2009-3095: mod_proxy_ftp sanity check authn credentials.
+     [Stefan Fritsch <sf fritsch.de>, Joe Orton]
+
+  *) CVE-2009-3094: mod_proxy_ftp NULL pointer dereference on error paths.
+     [Stefan Fritsch <sf fritsch.de>, Joe Orton]
+
    *) mod_dav: Allow other modules to add things to the DAV or Allow headers
       of an OPTIONS request. [Brian France <brian brianfrance.com>]
author	Graham Leggett <minfrin@apache.org>
	Mon, 14 Sep 2009 20:55:40 +0000 (20:55 +0000)
committer	Graham Leggett <minfrin@apache.org>
	Mon, 14 Sep 2009 20:55:40 +0000 (20:55 +0000)