tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: svn commit: r1563634 - in /tomcat/site/trunk: ./ docs/ xdocs/
Date Sun, 02 Feb 2014 19:25:21 GMT
On 02/02/2014 17:45, Konstantin Kolinko wrote:
> 2014-02-02  <markt@apache.org>:
>> Author: markt
>> Date: Sun Feb  2 15:26:07 2014
>> New Revision: 1563634
>>
>> URL: http://svn.apache.org/r1563634
>> Log:
>> Update for 6.0.39 release (excluding docs)

>> +<p>When processing a request submitted using the chunked transfer encoding,
>> +       Tomcat ignored but did not limit any extensions that were included. This
>> +       allows a client to perform a limited DOS by streaming an unlimited
>> +       amount of data to the server.</p>
>> +
>> +
>> +<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1476592">1476592</a>.</p>
>> +
>> +
>> +<p>This issue was reported to the Tomcat security team on 10 November 2011
>> +       and made public on 10 May 2013.</p>
>> +
>> +
>> +<p>Affects: 6.0.0-6.0.36</p>
> 
> This CVE-2012-3544 / r1476592. announcement is already present
> word-by-word in 6.0.37 section.

Thanks. I must have copied and pasted two entries rather than one to
create the 6.0.39 section.

Mark


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message