From fbe18fa727538c24fc20af0e4c0e44be9becffd6 Mon Sep 17 00:00:00 2001 From: "Mark J. Cox" Date: Thu, 2 Sep 2004 09:49:09 +0000 Subject: [PATCH] CAN to CVE promotions from CVE version 20040901 PR: Obtained from: Submitted by: Reviewed by: git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@104930 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 7379337be3..9ffc5f59be 100644 --- a/CHANGES +++ b/CHANGES @@ -774,7 +774,7 @@ Changes with Apache 2.0.49 *) mod_ssl: Send the Close Alert message to the peer before closing the SSL session. PR 27428. [Madhusudan Mathihalli, Joe Orton] - *) SECURITY: CAN-2004-0113 (cve.mitre.org) + *) SECURITY: CVE-2004-0113 (cve.mitre.org) mod_ssl: Fix a memory leak in plain-HTTP-on-SSL-port handling. PR 27106. [Joe Orton] @@ -946,7 +946,7 @@ Changes with Apache 2.0.49 *) mod_dav: Return a WWW-auth header for MOVE/COPY requests where the destination resource gives a 401. PR 15571. [Joe Orton] - *) SECURITY: CAN-2003-0020 (cve.mitre.org) + *) SECURITY: CVE-2003-0020 (cve.mitre.org) Escape arbitrary data before writing into the errorlog. Unescaped errorlogs are still possible using the compile time switch "-DAP_UNSAFE_ERROR_LOG_UNESCAPED". [Geoffrey Young, André Malo] @@ -1834,7 +1834,7 @@ Changes with Apache 2.0.44 Changes with Apache 2.0.43 - *) SECURITY [CAN-2002-0840]: HTML-escape the address produced by + *) SECURITY [CVE-2002-0840]: HTML-escape the address produced by ap_server_signature() against this cross-site scripting vulnerability exposed by the directive 'UseCanonicalName Off'. Also HTML-escape the SERVER_NAME environment variable for CGI 
@@ -1857,7 +1857,7 @@ Changes with Apache 2.0.43 could lead to an infinite loop. PR 12705 [Amund Elstad , Jeff Trawick] - *) SECURITY [CAN-2002-1156] (cve.mitre.org): + *) SECURITY [CVE-2002-1156] (cve.mitre.org): Fix the exposure of CGI source when a POST request is sent to a location where both DAV and CGI are enabled. [Ryan Bloom] @@ -8819,7 +8819,7 @@ Changes with Apache 1.3.2 run-time configurable using the ExtendedStatus directive. [Jim Jagielski] - *) SECURITY [CAN-1999-1199] (cve.mitre.org): + *) SECURITY [CVE-1999-1199] (cve.mitre.org): Eliminate O(n^2) space DoS attacks (and other O(n^2) cpu time attacks) in header parsing. Add ap_overlap_tables(), a function which can be used to perform bulk update operations -- 2.40.0
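Review bot: The two 2.0.49 hunks (@@ -774 and @@ -946) keep the unbracketed form "SECURITY: CVE-2004-0113 (cve.mitre.org)" and "SECURITY: CVE-2003-0020 (cve.mitre.org)", while the 2.0.43 and 1.3.2 entries rewritten in this same patch use the bracketed form, as in "SECURITY [CVE-2002-1156] (cve.mitre.org):". Since these lines are being touched anyway, consider normalising them to one form so that a single search pattern matches every security entry in CHANGES.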
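Review bot: In the @@ -1834 hunk, "SECURITY [CVE-2002-0840]:" is the only one of the five changed lines without the "(cve.mitre.org)" marker; the next hunk in the same 2.0.43 section reads "SECURITY [CVE-2002-1156] (cve.mitre.org):". Suggest adding the marker on the CVE-2002-0840 line as part of this promotion so the five entries read the same way.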