From: Paul Querna <pquerna@apache.org>
Date: Fri, 8 Jul 2005 09:35:56 +0000 (+0000)
Subject: The request smuggling issue did get assigned CAN-2005-2088.
X-Git-Tag: 2.1.7~40
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f63a7c49fd766a0aa2cfa29edaf40beccae0b818;p=apache

The request smuggling issue did get assigned CAN-2005-2088.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209723 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 208d30948d..e28e9300cf 100644
--- a/CHANGES
+++ b/CHANGES
@@ -19,7 +19,7 @@ Changes with Apache 2.1.6
   *) Fix htdbm password validation for records which included comments.
      [Eric Covener <covener gmail.com>]
 
-  *) SECURITY: 
+  *) SECURITY: CAN-2005-2088
      proxy HTTP: If a response contains both Transfer-Encoding and a 
      Content-Length, remove the Content-Length and don't reuse the
      connection, stopping some HTTP Request smuggling attacks.
@@ -30,7 +30,7 @@ Changes with Apache 2.1.6
 
 Changes with Apache 2.1.5
 
-  *) SECURITY: 
+  *) SECURITY: CAN-2005-2088
      core: If a request contains both Transfer-Encoding and a Content-Length,
      remove the Content-Length, stopping some HTTP Request smuggling attacks.
      [Paul Querna]