author Jeff Trawick <trawick@apache.org> 2012-01-19 22:32:09 +0000
committer Jeff Trawick <trawick@apache.org> 2012-01-19 22:32:09 +0000
commit 2812169be2fe7512ce0aa4d76eec444cd2899eec
tree 9d7d2d355d2b79fd474498990fc53df3c31a1810 /CHANGES
parent 3b6144de12880312c1b1ed01ee83e63286302aee
add entry for r1179239 (CVE-2011-3368)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1233611 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'CHANGES')
-rw-r--r-- CHANGES 5
1 files changed, 5 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 713d756e3b..575b148527 100644
--- a/CHANGES
+++ b/CHANGES
@@ -153,6 +153,11 @@ Changes with Apache 2.3.15
core: Fix integer overflow in ap_pregsub. This can be triggered e.g.
with mod_setenvif via a malicious .htaccess. [Stefan Fritsch]
+ *) SECURITY: CVE-2011-3368 (cve.mitre.org)
+ Reject requests where the request-URI does not match the HTTP
+ specification, preventing unexpected expansion of target URLs in
+ some reverse proxy configurations. [Joe Orton]
+
*) configure: Load all modules in the generated default configuration
when using --enable-load-all-modules. [Rainer Jung]
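Review bot: The added SECURITY entry (the lines beginning "*) SECURITY: CVE-2011-3368") does not say which component rejects the request, while the neighbouring entries lead with one ("core:", "configure:"), and "some reverse proxy configurations" does not let an administrator judge whether their own setup is affected. Suggest naming the component and the kind of configuration involved, or pointing to the advisory text. It is also worth confirming that "Changes with Apache 2.3.15", the section shown in the hunk header, is the release in which r1179239 shipped, since the commit message gives only the revision number.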