From 62f9304b0253fec959b9064a4fbbde29a86ec184 Mon Sep 17 00:00:00 2001
From: "Mark J. Cox" <mjc@apache.org>
Date: Fri, 4 Oct 2002 09:08:46 +0000
Subject: [PATCH] This is worthy of a CVE name, thanks to Joe for the headsup
 and text PR: Obtained from: Joe Orton Submitted by: Reviewed by:

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97095 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index a447169537..a6a7109db2 100644
--- a/CHANGES
+++ b/CHANGES
@@ -34,8 +34,9 @@ Changes with Apache 2.0.43
      could lead to an infinite loop.  PR 12705  
      [amund.elstad@ergo.no (Amund Elstad), Jeff Trawick]
 
-  *) SECURITY: Allow POST requests and CGI scripts to work when DAV 
-     is enabled on the location.  [Ryan Bloom]
+  *) SECURITY: CAN-2002-1156 (cve.mitre.org)
+      Fix the exposure of CGI source when a POST request is sent to 
+      a location where both DAV and CGI are enabled. [Ryan Bloom]
 
   *) Allow the UserDir directive to accept a list of directories.
      This matches what Apache 1.3 does.  Also add documentation for
-- 
2.50.1