Return-Path: Delivered-To: apmail-apr-commits-archive@www.apache.org Received: (qmail 59277 invoked from network); 3 Jun 2009 15:37:57 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 3 Jun 2009 15:37:57 -0000 Received: (qmail 87483 invoked by uid 500); 3 Jun 2009 15:38:09 -0000 Delivered-To: apmail-apr-commits-archive@apr.apache.org Received: (qmail 87400 invoked by uid 500); 3 Jun 2009 15:38:09 -0000 Mailing-List: contact commits-help@apr.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: Reply-To: dev@apr.apache.org List-Id: Delivered-To: mailing list commits@apr.apache.org Received: (qmail 87391 invoked by uid 99); 3 Jun 2009 15:38:09 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 03 Jun 2009 15:38:09 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 03 Jun 2009 15:38:06 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 30BDC238888D; Wed, 3 Jun 2009 15:37:45 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r781436 - /apr/apr-util/branches/1.3.x/CHANGES Date: Wed, 03 Jun 2009 15:37:45 -0000 To: commits@apr.apache.org From: jorton@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20090603153745.30BDC238888D@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: jorton Date: Wed Jun 3 15:37:44 2009 New Revision: 781436 URL: http://svn.apache.org/viewvc?rev=781436&view=rev Log: Expand the description. Modified: apr/apr-util/branches/1.3.x/CHANGES Modified: apr/apr-util/branches/1.3.x/CHANGES URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/CHANGES?rev=781436&r1=781435&r2=781436&view=diff ============================================================================== --- apr/apr-util/branches/1.3.x/CHANGES [utf-8] (original) +++ apr/apr-util/branches/1.3.x/CHANGES [utf-8] Wed Jun 3 15:37:44 2009 @@ -2,7 +2,8 @@ Changes with APR-util 1.3.7 *) SECURITY: - Prevent the "billion laughs" attack against expat by default. + Fix a denial of service attack against the apr_xml_* interface + using the "billion laughs" entity expansion technique. [Joe Orton] Changes with APR-util 1.3.6