Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id C8E79200C52 for ; Mon, 10 Apr 2017 22:51:10 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id C759A160B99; Mon, 10 Apr 2017 20:51:10 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 12517160B7F for ; Mon, 10 Apr 2017 22:51:09 +0200 (CEST) Received: (qmail 96874 invoked by uid 500); 10 Apr 2017 20:51:09 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 96864 invoked by uid 99); 10 Apr 2017 20:51:09 -0000 Received: from Unknown (HELO svn01-us-west.apache.org) (209.188.14.144) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 10 Apr 2017 20:51:09 +0000 Received: from svn01-us-west.apache.org (localhost [127.0.0.1]) by svn01-us-west.apache.org (ASF Mail Server at svn01-us-west.apache.org) with ESMTP id 8CF4F3A0597 for ; Mon, 10 Apr 2017 20:51:08 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn propchange: r1788544 - svn:log Date: Mon, 10 Apr 2017 20:51:08 -0000 To: dev@tomcat.apache.org From: markt@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20170410205108.8CF4F3A0597@svn01-us-west.apache.org> archived-at: Mon, 10 Apr 2017 20:51:11 -0000 Author: markt Revision: 1788544 Modified property: svn:log Modified: svn:log at Mon Apr 10 20:51:08 2017 ------------------------------------------------------------------------------ --- svn:log (original) +++ svn:log Mon Apr 10 20:51:08 2017 @@ -1,2 +1,3 @@ Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=60918 When sendfile processing passes to the Poller for completion and then completes before Http11Processor.service() exists, the Processor is recycled which clears sendfileData causing the Processor to return CLOSED or OPEN rather than SENDFILE. +This is the fix for CVE-2017-5651 --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org