From 3b6144de12880312c1b1ed01ee83e63286302aee Mon Sep 17 00:00:00 2001
From: Jeff Trawick <trawick@apache.org>
Date: Thu, 19 Jan 2012 22:29:21 +0000
Subject: [PATCH] add entry for r1209436 (CVE-2011-4317)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1233609 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/CHANGES b/CHANGES
index 75a5b203de..713d756e3b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -36,6 +36,12 @@ Changes with Apache 2.4.0
 
 Changes with Apache 2.3.16
 
+  *) SECURITY: CVE-2011-4317 (cve.mitre.org)
+     Resolve additional cases of URL rewriting with ProxyPassMatch or
+     RewriteRule, where particular request-URIs could result in undesired
+     backend network exposure in some configurations.
+     [Joe Orton]
+
   *) core: Limit line length in .htaccess to 8K like in 2.2.x, to avoid
      additional DoS potential. [Stefan Fritsch]
 
-- 
2.50.1