Updated Branches: refs/heads/1.0.x 1a75b2c93 -> e57fd4f04
Added CVE-2012-5641, CVE-2012-5649, and CVE-2012-5650 to NEWS and CHANGES in 1.0.x branch Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/e57fd4f0 Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/e57fd4f0 Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/e57fd4f0 Branch: refs/heads/1.0.x Commit: e57fd4f0449abd696f43f9ed2385de2a0c82fa94 Parents: 1a75b2c Author: Noah Slater <[email protected]> Authored: Mon Feb 25 19:49:23 2013 +0000 Committer: Noah Slater <[email protected]> Committed: Mon Feb 25 19:49:23 2013 +0000 ---------------------------------------------------------------------- CHANGES | 9 +++++++++ NEWS | 8 ++++++-- 2 files changed, 15 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/couchdb/blob/e57fd4f0/CHANGES ---------------------------------------------------------------------- diff --git a/CHANGES b/CHANGES index 0398caf..239194c 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,15 @@ Note that this version has not been released yet. Version 1.0.4 ------------- +Security: + + * Fixed CVE-2012-5641: Apache CouchDB Information disclosure via unescaped + backslashes in URLs on Windows + * Fixed CVE-2012-5649: Apache CouchDB JSONP arbitrary code execution with Adobe + Flash + * Fixed CVE-2012-5650: Apache CouchDB DOM based Cross-Site Scripting via Futon + UI + Log System: * Fix file descriptor leak in _log. http://git-wip-us.apache.org/repos/asf/couchdb/blob/e57fd4f0/NEWS ---------------------------------------------------------------------- diff --git a/NEWS b/NEWS index 7ee58f2..28a88d2 100644 --- a/NEWS +++ b/NEWS 
@@ -12,17 +12,21 @@ Version 1.0.5 Note that this version has not been released yet. - Version 1.0.4 ------------- + * Fixed CVE-2012-5641: Apache CouchDB Information disclosure via unescaped + backslashes in URLs on Windows + * Fixed CVE-2012-5649: Apache CouchDB JSONP arbitrary code execution with Adobe + Flash + * Fixed CVE-2012-5650: Apache CouchDB DOM based Cross-Site Scripting via Futon + UI * Fix file descriptor leak in _log. * Fix missing revisions in _changes?style=all_docs. * Fix validation of attachment names. * Avoid invalidating view indexes when running out of file descriptors. * Fix a race condition where replications can go stale - Version 1.0.3 -------------
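Review bot: In the CHANGES hunk, the three new entries under "Security:" in the Version 1.0.4 block are worded "Fixed CVE-2012-…", while the existing entry just below them in the same block uses the imperative ("Fix file descriptor leak in _log."). Suggest "Fix CVE-2012-5641: …" and so on, to match the file's style. Each entry also repeats "Apache CouchDB" after the CVE id, which is redundant in CouchDB's own change log and is what pushes every item onto a second line. Since these lines are what an operator will read when deciding whether to upgrade, consider adding a pointer to where the advisory text can be found; the entries as written give only the CVE title.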
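Review bot: In the NEWS hunk, the CVE entries are added at the top of the Version 1.0.4 bullet list with nothing separating them from ordinary fixes such as "Fix missing revisions in _changes?style=all_docs.", whereas CHANGES in the same commit puts them under a "Security:" heading. If NEWS has no sub-headings by convention, that is fine, but the security items are then easy to miss. The hunk also deletes the blank line before "Version 1.0.4" and the one before "Version 1.0.3"; that whitespace change is unrelated to adding the CVE notes and will make these two headings spaced differently from the rest of the file, so please drop it or confirm it is intended. The same "Fixed" versus "Fix" wording mismatch applies here.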
