From 14baf35e69c15bd4656e923db5a6e80ec9e96c33 Mon Sep 17 00:00:00 2001
From: Jeff Trawick <trawick@apache.org>
Date: Tue, 18 Nov 2014 13:13:58 +0000
Subject: [PATCH] mod_authnz_fcgi is not vulnerable to the CVE-2014-3583 bug
 (and it is too late to use the same CVE anyway).

The code changes to mod_authnz_fcgi are retained in order
to keep the similar code in sync between the two modules.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1640331 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index 904dcfdde9..00f5887df0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,8 +2,8 @@
 Changes with Apache 2.5.0
   
   *) SECURITY: CVE-2014-3583 (cve.mitre.org)
-     mod_proxy_fcgi, mod_authnz_fcgi: Fix a potential crash with response
-     headers' size above 8K. [Teguh <chain rop.io>, Yann Ylavic, Jeff Trawick]
+     mod_proxy_fcgi: Fix a potential crash with response headers' size above 
+     8K. [Teguh <chain rop.io>, Yann Ylavic, Jeff Trawick]
 
   *) mod_proxy_fcgi, mod_authnz_fcgi: stop reading the response and issue an
      error when parsing or forwarding the response fails. [Yann Ylavic]
-- 
2.40.0