From 7a16eaa47bf5a844a5579da4fa4692c03ca1215b Mon Sep 17 00:00:00 2001 From: Ruediger Pluem Date: Sat, 18 Nov 2006 22:20:25 +0000 Subject: [PATCH] * CVE-2006-3747 was the main reason to release 2.2.3. So place the changelog entry where it belongs. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@476628 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES index eb297692a0..2f13b168a6 100644 --- a/CHANGES +++ b/CHANGES @@ -30,8 +30,8 @@ Changes with Apache 2.3.0 AcceptMutex directive now takes an optional lockfile location parameter, ala SSLMutex. [Jim Jagielski] - *) Fix address-in-use startup failure caused by corruption of the list of - listen sockets in some configurations with multiple generic Listen + *) Fix address-in-use startup failure caused by corruption of the list of + listen sockets in some configurations with multiple generic Listen directives. [Jeff Trawick] *) mod_authn_dbd: Export any additional columns queried in the SQL select @@ -73,7 +73,7 @@ Changes with Apache 2.3.0 *) mod_rewrite: support rewritemap by SQL query [Nick Kew] *) Fix issue which could cause piped loggers to be orphaned and never - terminate after a graceful restart. PR 40651. [Joe Orton, + terminate after a graceful restart. PR 40651. [Joe Orton, Ruediger Pluem] *) mod_headers: support regexp-based editing of HTTP headers [Nick Kew] 
@@ -125,12 +125,6 @@ Changes with Apache 2.3.0 his value is defined as 258, thus limiting the MaxThreads to that value. [Mladen Turk] - *) SECURITY: CVE-2006-3747 (cve.mitre.org) - mod_rewrite: Fix an off-by-one security problem in the ldap scheme - handling. For some RewriteRules this could lead to a pointer being - written out of bounds. Reported by Mark Dowd of McAfee. - [Mark Cox] - *) mod_cache: While serving a cached entity ensure that filters that have been applied to this cached entity before saving it to the cache are not applied again. PR 40090. [Ruediger Pluem] @@ -345,6 +339,12 @@ Changes with Apache 2.2.4 Changes with Apache 2.2.3 + *) SECURITY: CVE-2006-3747 (cve.mitre.org) + mod_rewrite: Fix an off-by-one security problem in the ldap scheme + handling. For some RewriteRules this could lead to a pointer being + written out of bounds. Reported by Mark Dowd of McAfee. + [Mark Cox] + *) mod_authn_alias: Add a check to make sure that the base provider and the alias names are different and also that the alias has not been registered before. PR 40051. [Brad Nicholes] -- 2.40.0
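Review bot: The hunks at @@ -30,8 +30,8 and @@ -73,7 +73,7 touch three lines (the two "Fix address-in-use startup failure" lines and the "terminate after a graceful restart. PR 40651." line) whose removed and added text reads the same, so they appear to be whitespace-only cleanups unrelated to the CVE-2006-3747 entry named in the subject. Suggest moving them to a separate whitespace commit, or mentioning the cleanup in the log message, so the history of the security entry is not mixed with unrelated line changes.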
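Review bot: The hunks at @@ -125,12 +125,6 and @@ -345,6 +339,12 only cover the trunk copy of CHANGES (per the git-svn-id), so it is worth confirming that the release branch copy also lists the CVE-2006-3747 entry under "Changes with Apache 2.2.3", otherwise the two files will disagree about which release carried the fix. The six-line SECURITY entry itself is moved with its wording unchanged and now sits first in the 2.2.3 section, which matches the log message; no change requested to the text.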