apr-commits mailing list archives

From wr...@apache.org
Subject svn propchange: r1098290 - svn:log
Date Tue, 10 May 2011 19:21:07 GMT
Author: wrowe
Revision: 1098290
Modified property: svn:log

Modified: svn:log at Tue May 10 19:21:07 2011
------------------------------------------------------------------------------
--- svn:log (original)
+++ svn:log Tue May 10 19:21:07 2011
@@ -1 +1,13 @@
+Security: CVE-2011-0419
+Reported by: Maksymilian Arciemowicz <cxib securityreason.com>
+
+Stack overflow was possible due to unconstrained, recursive invocation
+of apr_fnmatch, as apr_fnmatch processed '*' wildcards.
+
+Introduce new apr_fnmatch implementation.  This delivers optimizations 
+in some common cases, without the underlying weakness of recursion 
+present in older implementations.
+
+Submitted by: William Rowe
+
 Forward port from r1098289
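
Review bot: The added line "Stack overflow was possible due to unconstrained, recursive invocation" can be misread as a stack buffer overflow. Since the cause given is recursion while apr_fnmatch processed '*' wildcards, wording such as "stack exhaustion" would make the impact clearer to anyone triaging CVE-2011-0419 from the log. The paragraph beginning "Introduce new apr_fnmatch implementation." also does not say whether matching behaviour is unchanged for existing callers; one sentence on that would help, given that the function is replaced wholesale. The three added lines of that paragraph carry trailing whitespace.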

