author trawick <trawick@13f79535-47bb-0310-9956-ffa450edef68> 2015-04-25 11:52:03 +0000
committer trawick <trawick@13f79535-47bb-0310-9956-ffa450edef68> 2015-04-25 11:52:03 +0000
commit ad36ae9654ab914bbbcacf125472f2454513d410
tree a2fedb42b26bb67457c59f4d85b9ec119b97c35e
parent 1fa5fa560bdf6cac3a4ee57f0673e2fadd4c0224
Add missing changes for r1676015
git-svn-id: http://svn.apache.org/repos/asf/apr/apr/branches/1.5.x@1676016 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- CHANGES 7
1 files changed, 7 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 4db07720c..f300ec0f8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,13 @@
-*- coding: utf-8 -*-
Changes for APR 1.5.2
+ *) SECURITY: CVE-2015-1829 (cve.mitre.org)
+ APR applications using APR named pipe support on Windows can be
+ vulnerable to a pipe squatting attack from a local process; the extent
+ of the vulnerability, when present, depends on the application.
+ Initial analysis and report was provided by John Hernandez of Casaba
+ Security via HP SSRT Security Alert. [Yann Ylavic]
+
*) apr_atomic: Fix errors when building on Visual Studio 2013 while
maintaining the ability to build on Visual Studio 6 with Windows
Server 2003 R2 SDK. PR 57191. [Gregg Smith]
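Review bot: The new CVE-2015-1829 entry says applications "can be vulnerable" but does not say what APR 1.5.2 changes or which named pipe calls are affected, so a reader of CHANGES cannot tell whether upgrading is enough or whether application code also has to change; add a sentence naming the affected APIs and the nature of the fix. The reference "(cve.mitre.org)" names only a site rather than the CVE record, and "Initial analysis and report was provided" should read "were provided".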