This is corrected in SVN, see http://svn.apache.org/viewvc/httpd/httpd/trunk/server/request.c?view=log
Unsure why this edit didn't carry on to the github mirror. On Thu, Jun 11, 2015 at 11:50 AM, Rainer Canavan < rainer.cana...@sevenval.com> wrote: > Hi, > > is the commit message incorrect or the CHANGES file concerning > CVE-2015-3183? > > The commit message at > > https://github.com/apache/httpd/commit/cd2b7a26c776b0754fb98426a67804fd48118708 > uses CVE-2015-3183 for the "Replacement of ap_some_auth_required", > while the CHANGES uses it for "Remove apr_brigade_flatten()" > > I'm have no idea if that would qualify the CVE to get REJECTED. > > regards, > > > rainer >