From 4d993618c3d7eb2fc8bafdd7b0a4ff06a51934fc Mon Sep 17 00:00:00 2001
From: "William A. Rowe Jr" <wrowe@apache.org>
Date: Tue, 9 Jul 2013 18:07:58 +0000
Subject: [PATCH] Note security implication

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1501413 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/CHANGES b/CHANGES
index a8a08c5bc0..7c632c80eb 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,13 @@
 
 Changes with Apache 2.4.5
 
+  *) SECURITY: CVE-2013-1896 (cve.mitre.org)
+     mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
+     the source href (sent as part of the request body as XML) pointing to a
+     URI that is not configured for DAV will trigger a segfault. [Ben Reser
+     <ben reser.org>]
+
+
   *) mod_proxy: Fix seg-faults when using the global pool on threaded
      MPMs [Thomas Eckert <thomas.r.w.eckert gmail.com>, Graham Leggett,
      Jim Jagielski]
@@ -104,11 +111,6 @@ Changes with Apache 2.4.5
   *) mod_dav: Improve error handling in dav_method_put(), add new
      dav_join_error() function.  PR 54145.  [Ben Reser <ben reser.org>]
 
-  *) mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
-     the source href (sent as part of the request body as XML) pointing to a
-     URI that is not configured for DAV will trigger a segfault. [Ben Reser
-     <ben reser.org>]
-
   *) mod_dav: Do not fail PROPPATCH when prop namespace is not known.
      PR 52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>]
 
-- 
2.40.0