From: Yann Ylavic <ylavic@apache.org>
Date: Mon, 17 Jul 2017 11:06:52 +0000 (+0000)
Subject: Credits.
X-Git-Tag: 2.4.28~109
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=927730db1f5ea6b8010460a9a477a25c18bf7df8;p=apache

Credits.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1802129 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 3e443781a9..b3774e8b3f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -8,12 +8,14 @@ Changes with Apache 2.4.27
   *) SECURITY: CVE-2017-9789 (cve.mitre.org)
      mod_http2: Read after free. When under stress, closing many connections,
      the HTTP/2 handling code would sometimes access memory after it has been
-     freed, resulting in potentially erratic behaviour. 
+     freed, resulting in potentially erratic behaviour.
+     [Stefan Eissing]
 
   *) SECURITY: CVE-2017-9788 (cve.mitre.org)
      mod_auth_digest: Uninitialized memory reflection.  The value placeholder
      in [Proxy-]Authorization headers type 'Digest' was not initialized or
      reset before or between successive key=value assignments.
+     [William Rowe]
 
   *) COMPATIBILITY: mod_lua: Remove the undocumented exported 'apr_table'
      global variable when using Lua 5.2 or later. This was exported as a