Date: Fri, 15 Jul 2016 17:13:53 +0000 (UTC)
From: Mark Felder <feld@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r418592 - head/security/vuxml
Message-ID: <201607151713.u6FHDrn7039001@repo.freebsd.org>
Author: feld Date: Fri Jul 15 17:13:52 2016 New Revision: 418592 URL: https://svnweb.freebsd.org/changeset/ports/418592 Log: Rename vuxml entry, add new detailed reference as primary. This new reference has much more detailed information. It appears even the latest version of struts is affected and this may affect many products using the Apache Commons FileUpload Utility such as Jenkins, Lucene-Solr, etc. Unfortunately it's difficult to identify which version of the Apache Commons FileUpload Utility products may have, so this vuxml may be expanded as more products are successfully identified. PR: 211105 Security: CVE-2016-3092 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Jul 15 16:56:01 2016 (r418591) +++ head/security/vuxml/vuln.xml Fri Jul 15 17:13:52 2016 (r418592) @@ -59,7 +59,7 @@ Notes: --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> <vuln vid="61b8c359-4aab-11e6-a7bd-14dae9d210b8"> - <topic>tomcat -- denial of service</topic> + <topic>Apache Commons FileUpload -- denial of service</topic> <affects> <package> <name>tomcat6</name> @@ -75,13 +75,13 @@ Notes: </package> <package> <name>apache-struts</name> - <range><lt>1.3.2</lt></range> + <range><le>2.5.2</le></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Jochen Wiedmann reports:</p> - <blockquote cite="http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E"> + <blockquote cite="http://jvn.jp/en/jp/JVN89379547/index.html"> <p>A malicious client can send file upload requests that cause the HTTP server using the Apache Commons Fileupload library to become unresponsive, preventing the server from servicing other requests.</p> 
@@ -89,6 +89,7 @@ Notes: </body> </description> <references> + <url>http://jvn.jp/en/jp/JVN89379547/index.html</url> <url>http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E</url> <cvename>CVE-2016-3092</cvename> </references>
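Review bot: In the apache-struts package of the second hunk (@@ -75,13 +75,13 @@), `<range><le>2.5.2</le></range>` pins the upper bound to one specific release while the log says even the latest struts appears affected, so a later struts release that still bundles a vulnerable FileUpload would no longer match this entry. Add a comment that the bound has to be revisited when the port is updated, or switch to an `<lt>` bound on the first fixed version once one is known. In the same hunk the blockquote `cite` now points at the JVN page but the lead-in still reads `<p>Jochen Wiedmann reports:</p>`, so the attribution and the cited source no longer agree; either update the lead-in or keep the original cite on the quote and list JVN only under `<references>`.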
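Review bot: The last hunk (@@ -89,6 +89,7 @@) stops at `</references>` and no hunk in this patch touches the entry's `<dates>` block, although the topic and the apache-struts range both changed. Add a `<modified>` date to the entry so the revision of the affected range is recorded alongside the original entry date.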