From 04b951eef74997dbb523cf1673b60c0189f19ef280196075ef475b685751d559 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=98=D0=BB=D1=8C=D1=8F=20=D0=98=D0=BD=D0=B4=D0=B8=D0=B3?=
 =?UTF-8?q?=D0=BE?= <ilya@ilya.cf>
Date: Thu, 18 Mar 2021 13:46:10 +0000
Subject: [PATCH] Accepting request 879891 from
 home:fschnizlein:branches:server:http

Add missing CVE changelog entry to make sure the information is not lost. This is required to submit this package to SLE. See https://en.opensuse.org/openSUSE:Creating_a_changes_file_(RPM)#Cross_Service-Pack_merges_for_SLE

OBS-URL: https://build.opensuse.org/request/show/879891
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=194
---
 nginx.changes | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nginx.changes b/nginx.changes
index d15e849..35c195b 100644
--- a/nginx.changes
+++ b/nginx.changes
@@ -290,6 +290,8 @@ Sat Dec 28 11:03:16 UTC 2019 - Илья Индиго <ilya@ilya.pp.ua>
   * A timeout might occur while handling pipelined requests in an
     SSL connection; the bug had appeared in 1.17.5.
   * Bugfix in the ngx_http_dav_module.
+  * CVE-2019-20372: Fixed an HTTP request smuggling with certain error_page
+    configurations which could have allowed unauthorized web page reads (bsc#1160682).
 
 -------------------------------------------------------------------
 Sat Nov 23 20:12:57 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>