From: Jeff Trawick <trawick@apache.org>
Date: Tue, 18 Nov 2014 13:13:58 +0000 (+0000)
Subject: mod_authnz_fcgi is not vulnerable to the CVE-2014-3583 bug
X-Git-Tag: 2.5.0-alpha~3698
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=14baf35e69c15bd4656e923db5a6e80ec9e96c33;p=apache

mod_authnz_fcgi is not vulnerable to the CVE-2014-3583 bug
(and it is too late to use the same CVE anyway).

The code changes to mod_authnz_fcgi are retained in order
to keep the similar code in sync between the two modules.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1640331 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 904dcfdde9..00f5887df0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,8 +2,8 @@
 Changes with Apache 2.5.0
   
   *) SECURITY: CVE-2014-3583 (cve.mitre.org)
-     mod_proxy_fcgi, mod_authnz_fcgi: Fix a potential crash with response
-     headers' size above 8K. [Teguh <chain rop.io>, Yann Ylavic, Jeff Trawick]
+     mod_proxy_fcgi: Fix a potential crash with response headers' size above 
+     8K. [Teguh <chain rop.io>, Yann Ylavic, Jeff Trawick]
 
   *) mod_proxy_fcgi, mod_authnz_fcgi: stop reading the response and issue an
      error when parsing or forwarding the response fails. [Yann Ylavic]