On Sat, Jul 04, 2009 at 11:23:46PM +0100, Nick Kew wrote: > [email protected] wrote: > >> Changes with Apache 2.3.3 >> + *) SECURITY: CVE-2009-1890 (cve.mitre.org) + Fix a potential >> Denial-of-Service attack against mod_proxy in a >> + reverse proxy configuration, where a remote attacker can force a >> + proxy process to consume CPU time indefinitely. [Nick Kew, Joe Orton] > > I thought in this instance, the original reporter's diagnostic > work contributed more to the patch than we did. I think he > should be credited in the changelog here.
Lots of people help out with diagnosis of many bugs, we typically credit in CHANGES only those who came up with the patches. I certainly should have given credit to the reporter in the commit message though, I will fix that. Regards, Joe
