From a355c4f2652bbab2ed3993e4ab1f88588850356c Mon Sep 17 00:00:00 2001
From: Jan Lehnardt <jan@apache.org>
Date: Wed, 31 Mar 2010 19:29:32 +0000
Subject: add CVE 2010-0009 to CHANGES and NEWS

git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@929675 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES | 1 +
 NEWS    | 1 +
 2 files changed, 2 insertions(+)

diff --git a/CHANGES b/CHANGES
index 291a0f0e..0f8af030 100644
--- a/CHANGES
+++ b/CHANGES
@@ -11,6 +11,7 @@ Version 0.11.0
 
 Security:
 
+ * Fixed CVE-2010-0009: Apache CouchDB Timing Attack Vulnerability.
  * Added default cookie-authentication and users database.
  * Added Futon user interface for user signup and login.
  * Added per-database reader access control lists.
diff --git a/NEWS b/NEWS
index 8e369909..14934a1d 100644
--- a/NEWS
+++ b/NEWS
@@ -17,6 +17,7 @@ Version 0.11.0
 
 This version is a feature-freeze release candidate for Apache CouchDB 1.0.
 
+ * Fixed CVE-2010-0009: Apache CouchDB Timing Attack Vulnerability.
  * Added support for building a Windows installer as part of 'make dist'.
  * Added optional 'raw' binary collation for faster view builds where Unicode
    collation is not important.
-- 
cgit v1.2.3