From 8721489c0c3619a89897f413d42845e721af550b Mon Sep 17 00:00:00 2001
From: Stefan Eissing <icing@apache.org>
Date: Wed, 11 May 2016 11:17:43 +0000
Subject: [PATCH] fixed mod_http2 CVE added to CHANGES in 2.4.20, late to the
 party but it is there.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1743337 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index 2724cba2f6..a2fc327e9a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -82,7 +82,11 @@ Changes with Apache 2.4.20
 
   *) mod_http2: Fix build on Windows from dsp files.
      [Stefan Eissing] 
-
+     
+  *) SECURITY: CVE-2016-1546 (cve.mitre.org)     
+     mod_http2: restricting number of concurrent stream workers per connection
+     if client is slow. 
+     
 Changes with Apache 2.4.19
 
   *) mod_include: Add variable DOCUMENT_ARGS, with the arguments to the
-- 
2.40.0