From: Luca Toscano <elukey@apache.org>
Date: Tue, 12 Sep 2017 08:08:35 +0000 (+0000)
Subject: Update CHANGES after r1808008
X-Git-Tag: 2.5.0-alpha~142
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9a1a37c2b21aaeeb2d21fc4e14d0676935aaf541;p=apache

Update CHANGES after r1808008

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1808085 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 12363b3c7e..495453acf9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) htdigest: prevent a buffer overflow when a string exceeds the allowed max
+     length in a password file.
+     [Luca Toscano, Hanno Böck <hanno hboeck de>]
+
   *) mod_md: v0.9.2: new directive 'MDHttpProxy' to define a proxy for outgoing connection,
      some minor bugfixes, twiddle the build system to avoid non-pic code generation.
      [Stefan Eissing]