You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@commons.apache.org by jo...@apache.org on 2016/06/22 06:33:47 UTC

svn commit: r1749636 - /commons/proper/fileupload/trunk/src/changes/changes.xml

Author: jochen
Date: Wed Jun 22 06:33:47 2016
New Revision: 1749636

URL: http://svn.apache.org/viewvc?rev=1749636&view=rev
Log:
Added information related to CVE-2016-3092.

Modified:
    commons/proper/fileupload/trunk/src/changes/changes.xml

Modified: commons/proper/fileupload/trunk/src/changes/changes.xml
URL: http://svn.apache.org/viewvc/commons/proper/fileupload/trunk/src/changes/changes.xml?rev=1749636&r1=1749635&r2=1749636&view=diff
==============================================================================
--- commons/proper/fileupload/trunk/src/changes/changes.xml (original)
+++ commons/proper/fileupload/trunk/src/changes/changes.xml Wed Jun 22 06:33:47 2016
@@ -65,6 +65,15 @@ The <action> type attribute can be add,u
       </action>
     </release>
 
+    <release version="1.3.2" description=
+"This is a security and maintenance release that includes an important security 
+fix as well. Compared to 1.3.1, no other changes have been made." date="2014-02-07">
+	  <action dev="jochen" type="fix">
+	    SECURITY - CVE-2016-3092. Specially crafted input can trigger a DoS, if the
+	    size of the MIME boundard is close to the size of the buffer in MultipartStream.
+	    (Similar to CVE-2014-0050.)
+	  </action>
+    </release>
     <release version="1.3.1" description=
 "This is a security and maintenance release that includes an important security 
 fix as well as a small number of bugfixes." date="2014-02-07">