On 02/02/2014 17:45, Konstantin Kolinko wrote:
> 2014-02-02 <ma...@apache.org>:
>> Author: markt
>> Date: Sun Feb 2 15:26:07 2014
>> New Revision: 1563634
>>
>> URL: http://svn.apache.org/r1563634
>> Log:
>> Update for 6.0.39 release (excluding docs)
>> +<p>When processing a request submitted using the chunked transfer encoding, >> + Tomcat ignored but did not limit any extensions that were included. >> This >> + allows a client to perform a limited DOS by streaming an unlimited >> + amount of data to the server.</p> >> + >> + >> +<p>This was fixed in revision <a >> href="http://svn.apache.org/viewvc?view=rev&rev=1476592">1476592</a>.</p> >> + >> + >> +<p>This issue was reported to the Tomcat security team on 10 November 2011 >> + and made public on 10 May 2013.</p> >> + >> + >> +<p>Affects: 6.0.0-6.0.36</p>
>
> This CVE-2012-3544 / r1476592. announcement is already present
> word-by-word in 6.0.37 section.

Thanks. I must have copied and pasted two entries rather than one to create the 6.0.39 section.

Mark
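Review bot: The "Affects: 6.0.0-6.0.36" line that closes this added entry does not fit a section written for the 6.0.39 release. A range that ends at 6.0.36 implies the fix shipped before 6.0.39, so the entry reads as belonging to an earlier section and should be dropped from this one or its range confirmed. Separately, the link in the "This was fixed in revision" paragraph has a bare & in "view=rev&rev=1476592"; if the source file has it that way, and it is not just how the mail rendered it, it should be escaped as &amp; so the page stays valid markup.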