Date: Sun, 26 Jun 2016 18:13:40 +0000 (UTC) From: Jason Unovitch <junovitch@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r417596 - head/security/vuxml Message-ID: <201606261813.u5QIDeQe000221@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: junovitch Date: Sun Jun 26 18:13:40 2016 New Revision: 417596 URL: https://svnweb.freebsd.org/changeset/ports/417596 Log: Document remote denial of service via FileUpload component in Tomcat PR: 209669 [1] Reported by: Geoffroy Desvernay <dgeo@centrale-marseille.fr> [1] Reported by: Roger Marquis <marquis@roble.com> Security: CVE-2016-3092 Security: https://vuxml.FreeBSD.org/freebsd/cbceeb49-3bc7-11e6-8e82-002590263bf5.html Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sun Jun 26 18:01:59 2016 (r417595) +++ head/security/vuxml/vuln.xml Sun Jun 26 18:13:40 2016 (r417596) @@ -58,6 +58,44 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="cbceeb49-3bc7-11e6-8e82-002590263bf5"> + <topic>tomcat -- remote DoS in the Apache Commons FileUpload component</topic> + <affects> + <package> + <name>tomcat7</name> + <range><lt>7.0.70</lt></range> + </package> + <package> + <name>tomcat8</name> + <range><lt>8.0.36</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Mark Thomas reports:</p> + <blockquote cite="http://mail-archives.apache.org/mod_mbox/tomcat-announce/201606.mbox/%3C6223ece6-2b41-ef4f-22f9-d3481e492832%40apache.org%3E">; + <p>CVE-2016-3092 is a denial of service vulnerability that has been + corrected in the Apache Commons FileUpload component. It occurred + when the length of the multipart boundary was just below the size of + the buffer (4096 bytes) used to read the uploaded file. This caused + the file upload process to take several orders of magnitude longer + than if the boundary length was the typical tens of bytes.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2016-3092</cvename> + <freebsdpr>ports/209669</freebsdpr> + <url>http://tomcat.apache.org/security-7.html</url>; + <url>http://tomcat.apache.org/security-8.html</url>; + <url>http://mail-archives.apache.org/mod_mbox/tomcat-announce/201606.mbox/%3C6223ece6-2b41-ef4f-22f9-d3481e492832%40apache.org%3E</url>; + </references> + <dates> + <discovery>2016-06-20</discovery> + <entry>2016-06-26</entry> + </dates> + </vuln> + <vuln vid="bfcc23b6-3b27-11e6-8e82-002590263bf5"> <topic>wordpress -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201606261813.u5QIDeQe000221>