Author: jochen
Date: Wed Jun 22 06:33:47 2016
New Revision: 1749636
URL: http://svn.apache.org/viewvc?rev=1749636&view=rev
Log:
Added information related to CVE-2016-3092.
Modified:
commons/proper/fileupload/trunk/src/changes/changes.xml
Modified: commons/proper/fileupload/trunk/src/changes/changes.xml
URL:
http://svn.apache.org/viewvc/commons/proper/fileupload/trunk/src/changes/changes.xml?rev=1749636&r1=1749635&r2=1749636&view=diff
==============================================================================
--- commons/proper/fileupload/trunk/src/changes/changes.xml (original)
+++ commons/proper/fileupload/trunk/src/changes/changes.xml Wed Jun 22 06:33:47
2016
@@ -65,6 +65,15 @@ The <action> type attribute can be add,u
</action>
</release>
+ <release version="1.3.2" description=
+"This is a security and maintenance release that includes an important
security
+fix as well. Compared to 1.3.1, no other changes have been made."
date="2014-02-07">
+ <action dev="jochen" type="fix">
+ SECURITY - CVE-2016-3092. Specially crafted input can trigger a
DoS, if the
+ size of the MIME boundard is close to the size of the buffer in
MultipartStream.
+ (Similar to CVE-2014-0050.)
+ </action>
+ </release>
<release version="1.3.1" description=
"This is a security and maintenance release that includes an important
security
fix as well as a small number of bugfixes." date="2014-02-07">
