From 2812169be2fe7512ce0aa4d76eec444cd2899eec Mon Sep 17 00:00:00 2001
From: Jeff Trawick <trawick@apache.org>
Date: Thu, 19 Jan 2012 22:32:09 +0000
Subject: add entry for r1179239 (CVE-2011-3368)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1233611 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'CHANGES')

diff --git a/CHANGES b/CHANGES
index 713d756e3b..575b148527 100644
--- a/CHANGES
+++ b/CHANGES
@@ -153,6 +153,11 @@ Changes with Apache 2.3.15
      core: Fix integer overflow in ap_pregsub. This can be triggered e.g.
      with mod_setenvif via a malicious .htaccess. [Stefan Fritsch]
 
+  *) SECURITY: CVE-2011-3368 (cve.mitre.org)
+     Reject requests where the request-URI does not match the HTTP
+     specification, preventing unexpected expansion of target URLs in
+     some reverse proxy configurations.  [Joe Orton]
+
   *) configure: Load all modules in the generated default configuration
      when using --enable-load-all-modules. [Rainer Jung]
 
-- 
cgit v1.2.1