Code review comment for ~ahasenack/ubuntu/+source/libapache2-mod-perl2:xenial-modperl2-fix-dep8-1779400

Andreas Hasenack (ahasenack) wrote :

I think it's less confusing to drop the thanks from d/changelog. That was put in there by the dep3changelog script. The patch files have the authorship explicitly stated.

2.4.24 was unreleased, and our apache was affected by this test failure due to a change there that became a security fix we backported ("HTTP strict parsing changes"):

Changes with Apache 2.4.26

...

  *) SECURITY: CVE-2017-7668 (cve.mitre.org)
     The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a
     bug in token list parsing, which allows ap_find_token() to search past
     the end of its input string. By maliciously crafting a sequence of
     request headers, an attacker may be able to cause a segmentation fault,
     or to force ap_find_token() to return an incorrect value.
     [Jacob Champion]
