backported

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1773396 13f79535-47bb-0310-9956-ffa450edef68
apache · Dec 9, 2016 · 3353788 · 3353788
1 parent a6b06a4
commit 3353788
Showing 1 changed file with 0 additions and 10 deletions.
diff --git a/CHANGES b/CHANGES
@@ -4,16 +4,6 @@ Changes with Apache 2.5.0
   *) core: Drop Content-Length header and message-body from HTTP 204 responses.
      PR 51350 [Luca Toscano]
 
-  *) SECURITY: CVE-2016-2161 (cve.mitre.org)
-     mod_auth_digest: Prevent segfaults during client entry allocation when the
-     shared memory space is exhausted. [Maksim Malyutin <m.malyutin dsec.ru>,
-     Eric Covener, Jacob Champion]
-
-  *) SECURITY: CVE-2016-0736 (cve.mitre.org)
-     mod_session_crypto: Authenticate the session data/cookie with a
-     MAC (SipHash) to prevent deciphering or tampering with a padding
-     oracle attack.  [Yann Ylavic, Colm MacCarthaigh]
-
   *) mod_lua: Fix default value of LuaInherit directive. It should be 
      'parent-first' instead of 'none', as per documentation.  PR 60419
      [Christophe Jaillet]