tomcat-dev mailing list archives

From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: svn commit: r1563634 - in /tomcat/site/trunk: ./ docs/ xdocs/
Date Sun, 02 Feb 2014 17:45:05 GMT
2014-02-02  <markt@apache.org>:
> Author: markt
> Date: Sun Feb  2 15:26:07 2014
> New Revision: 1563634
>
> URL: http://svn.apache.org/r1563634
> Log:
> Update for 6.0.39 release (excluding docs)
>
> Modified:
>     tomcat/site/trunk/build.properties.default
>     tomcat/site/trunk/docs/doap_Tomcat.rdf
>     tomcat/site/trunk/docs/download-60.html
>     tomcat/site/trunk/docs/index.html
>     tomcat/site/trunk/docs/migration-6.html
>     tomcat/site/trunk/docs/oldnews-2013.html
>     tomcat/site/trunk/docs/security-6.html
>     tomcat/site/trunk/docs/whichversion.html
>     tomcat/site/trunk/xdocs/doap_Tomcat.rdf
>     tomcat/site/trunk/xdocs/download-60.xml
>     tomcat/site/trunk/xdocs/index.xml
>     tomcat/site/trunk/xdocs/migration-6.xml
>     tomcat/site/trunk/xdocs/oldnews-2013.xml
>     tomcat/site/trunk/xdocs/security-6.xml
>     tomcat/site/trunk/xdocs/whichversion.xml
>

> Modified: tomcat/site/trunk/docs/security-6.html
> URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=1563634&r1=1563633&r2=1563634&view=diff
> ==============================================================================
> --- tomcat/site/trunk/docs/security-6.html (original)
> +++ tomcat/site/trunk/docs/security-6.html Sun Feb  2 15:26:07 2014


> +<p>When processing a request submitted using the chunked transfer encoding,
> +       Tomcat ignored but did not limit any extensions that were included. This
> +       allows a client to perform a limited DOS by streaming an unlimited
> +       amount of data to the server.</p>
> +
> +
> +<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1476592">1476592</a>.</p>
> +
> +
> +<p>This issue was reported to the Tomcat security team on 10 November 2011
> +       and made public on 10 May 2013.</p>
> +
> +
> +<p>Affects: 6.0.0-6.0.36</p>
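
Review bot: the "Affects: 6.0.0-6.0.36" line closing this added block does not fit a commit logged as "Update for 6.0.39 release". An issue whose affected range ends at 6.0.36, and which the same block says was made public on 10 May 2013, would normally already be listed under an earlier release on this page. Suggest checking security-6.html for an existing copy of this text before committing, and dropping the addition here if it duplicates that entry. As a smaller style point, the added paragraph writes "DOS" where "DoS" is the usual abbreviation for denial of service.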

This CVE-2012-3544 / r1476592 announcement is already present
word-for-word in the 6.0.37 section.

http://tomcat.apache.org/security-6.html

Best regards,
Konstantin Kolinko
