From: Jim Jagielski <jim@apache.org>
Date: Tue, 11 Mar 2014 16:12:58 +0000 (+0000)
Subject: Log CVE for change
X-Git-Tag: 2.4.8~2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e1601424eb96729f39d967e9654dca6b3b0db942;p=apache

Log CVE for change


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1576403 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 470af87ef6..c5e39b0f95 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,8 +2,10 @@
 
 Changes with Apache 2.4.8
 
-  *) Clean up cookie logging with fewer redundant string parsing passes.
-     Log only cookies with a value assignment.
+  *) SECURITY: CVE-2014-0098 (cve.mitre.org)
+     Clean up cookie logging with fewer redundant string parsing passes.
+     Log only cookies with a value assignment. Prevents degfaults when
+     logging truncated cookies.
      [William Rowe, Ruediger Pluem, Jim Jagielski]
 
   *) core: draft-ietf-httpbis-p1-messaging-23 corrections regarding