You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by ji...@apache.org on 2008/06/10 21:32:30 UTC

svn commit: r666291 - /httpd/httpd/trunk/CHANGES

Author: jim
Date: Tue Jun 10 12:32:30 2008
New Revision: 666291

URL: http://svn.apache.org/viewvc?rev=666291&view=rev
Log:
in 2.2.9

Modified:
    httpd/httpd/trunk/CHANGES

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=666291&r1=666290&r2=666291&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Tue Jun 10 12:32:30 2008
@@ -2,12 +2,6 @@
 Changes with Apache 2.3.0
 [ When backported to 2.2.x, remove entry from this file ]
 
-  *) SECURITY: CVE-2008-2364 (cve.mitre.org)
-     mod_proxy_http: Better handling of excessive interim responses
-     from origin server to prevent potential denial of service and high
-     memory usage. Reported by Ryujiro Shibuya. [Ruediger Pluem,
-     Joe Orton, Jim Jagielski]
-
   *) mod_proxy_http: Do not forward requests with 'Expect: 100-continue' to
      known HTTP/1.0 servers. Return 'Expectation failed' (417) instead.
      [Ruediger Pluem]