+++ This bug was initially created as a clone of Bug #1305629 +++

Description of problem:

Depending upon how software analyzes for CVE/Security Issues this may or may not be as important.

1-      CVE Secuity vulnerability description: https://access.redhat.com/security/cve/cve-2014-0226
2-      Redhat errata patch details: https://rhn.redhat.com/errata/RHSA-2014-0920.html

The changelog appears to have a typo CVE-2014-0026 should instead be CVE-2014-0226

[root@acme01 tmp]# rpm -q --changelog httpd |grep 2014
* Fri Jul 18 2014 Weinan Li <weli> - 2.26.35
- Add missing CVE-2014-0231.patch
* Fri Jul 18 2014 Weinan Li <weli> - 2.26.34
- CVE-2014-0026
- CVE-2014-0118
- CVE-2014-0231
* Tue Jun 03 2014 Dustin Kut Moy Cheung <dcheung> - 2.26.33
* Wed May 07 2014 Dustin Kut Moy Cheung <dcheung> - 2.26.32
- Apply fix for CVE 2013-6438 and CVE 2014-0098
* Fri Mar 28 2014 Permaine Cheung <pcheung> - 2.2.26.31
* Tue Mar 04 2014 Weinan Li <weli> - 2.2.26.30
* Tue Mar 04 2014 Weinan Li <weli> - 2.2.26.29
* Mon Mar 03 2014 Weinan Li <weli> - 2.2.26-28
* Thu Feb 27 2014 Weinan Li <weli> - 2.2.26-27
* Wed Feb 26 2014 Weinan Li <weli> - 2.2.26-26


Version-Release number of selected component (if applicable):

Latest version

--- Additional comment from Dave Sullivan on 2016-02-08 14:00:50 EST ---

As can been seen from the changelog from the httpd from rhel-6-server-rpms channel

...
* Thu Jul 17 2014 Jan Kaluza <jkaluza> - 2.2.15-38
- mod_cgid: add security fix for CVE-2014-0231
- mod_deflate: add security fix for CVE-2014-0118
- mod_status: add security fix for CVE-2014-0226    <----cve is correct here

...

--- Additional comment from Dave Sullivan on 2016-02-08 14:03:07 EST ---

Not completely sure if the vulnerability scanner is looking at changelogs but is is failing, personally I think the scanner is failing for other reasons.

But it doesn't help the cause when the typo is there in the changelogs.