Posted to commits@apr.apache.org by wr...@apache.org on 2011/05/10 21:21:07 UTC

svn propchange: r1098290 - svn:log

Author: wrowe
Revision: 1098290
Modified property: svn:log

Modified: svn:log at Tue May 10 19:21:07 2011
------------------------------------------------------------------------------
--- svn:log (original)
+++ svn:log Tue May 10 19:21:07 2011
@@ -1 +1,13 @@
+Security: CVE-2011-0419
+Reported by: Maksymilian Arciemowicz <cxib securityreason.com>
+
+Stack overflow was possible due to unconstrained, recursive invocation
+of apr_fnmatch, as apr_fnmatch processed '*' wildcards.
+
+Introduce new apr_fnmatch implementation.  This delivers optimizations 
+in some common cases, without the underlying weakness of recursion 
+present in older implementations.
+
+Submitted by: William Rowe
+
 Forward port from r1098289
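
Review bot: In the added line "Stack overflow was possible due to unconstrained, recursive invocation", the term "stack overflow" can be misread as a stack buffer overflow. The cause given is unbounded recursion while processing '*' wildcards, so wording such as "stack exhaustion" would be less ambiguous for anyone triaging CVE-2011-0419 from the log alone. The paragraph introducing the new apr_fnmatch implementation could also say in one sentence how '*' is now handled without recursion and whether a regression test with many '*' wildcards accompanies the change, so the fix can be verified from the log.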