From c79db6fe954cb2d388237e621a7639a7605dcfe4 Mon Sep 17 00:00:00 2001 From: "Mark J. Cox" Date: Tue, 3 Jun 2003 10:44:29 +0000 Subject: [PATCH] Apply missing security fix CHANGELOG entries to head PR: Obtained from: Submitted by: Reviewed by: git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100150 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/CHANGES b/CHANGES index 8c82474214..c16e33ba2b 100644 --- a/CHANGES +++ b/CHANGES @@ -143,6 +143,17 @@ Changes with Apache 2.0.47 Changes with Apache 2.0.46 + *) SECURITY [CAN-2003-0245]: Fixed a bug causing apr_pvsprintf() to crash + by sending an overly long string. This can be triggered remotely + through mod_dav, mod_ssl, and other mechanisms. Reported by David + Endler . + [Joe Orton ] + + *) SECURITY [CAN-2003-0189]: Fixed a denial-of-service vulnerability + affecting basic authentication on Unix platforms related to + thread-safety in apr_password_validate(). The problem was reported + by John Hughes . + *) Fix for mod_dav. Call the 'can_be_activity' callback, if provided, when a MKACTIVITY request comes in. [Ben Collins-Sussman ] -- 2.50.1
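Review bot: The CAN-2003-0189 entry ends at "by John Hughes ." with no bracketed contributor credit, while the CAN-2003-0245 entry above it closes with "[Joe Orton ]" and the mod_dav entry below it with "[Ben Collins-Sussman ]". Add the credit line for whoever made the apr_password_validate() fix so the entry follows the same convention as its neighbours. In the CAN-2003-0245 entry, "Fixed a bug causing apr_pvsprintf() to crash by sending an overly long string" reads as though the fix does the sending. Wording along the lines of "Fixed a bug where an overly long string could crash apr_pvsprintf()" is clearer. That entry also says the crash can be triggered remotely but never names the impact, whereas the CAN-2003-0189 entry states "denial-of-service" outright. Stating the impact in both entries would let readers triage them the same way.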