Updated Branches: refs/heads/1.1.x f453b3922 -> 3fffb4752
Added CVE-2012-5641, CVE-2012-5649, and CVE-2012-5650 to NEWS and CHANGES in 1.1.x branch Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/3fffb475 Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/3fffb475 Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/3fffb475 Branch: refs/heads/1.1.x Commit: 3fffb475202d79e7a4efa826e4bf715895cdce22 Parents: f453b39 Author: Noah Slater <[email protected]> Authored: Mon Feb 25 19:51:48 2013 +0000 Committer: Noah Slater <[email protected]> Committed: Mon Feb 25 19:51:48 2013 +0000 ---------------------------------------------------------------------- CHANGES | 9 +++++++++ NEWS | 6 ++++++ 2 files changed, 15 insertions(+), 0 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/couchdb/blob/3fffb475/CHANGES ---------------------------------------------------------------------- diff --git a/CHANGES b/CHANGES index 88e31c1..383e375 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,15 @@ Note that this version has not been released yet. Version 1.1.2 ------------- +Security: + +* Fixed CVE-2012-5641: Apache CouchDB Information disclosure via unescaped + backslashes in URLs on Windows +* Fixed CVE-2012-5649: Apache CouchDB JSONP arbitrary code execution with Adobe + Flash +* Fixed CVE-2012-5650: Apache CouchDB DOM based Cross-Site Scripting via Futon + UI + HTTP Interface: * ETag of attachment changes only when the attachment changes, not http://git-wip-us.apache.org/repos/asf/couchdb/blob/3fffb475/NEWS ---------------------------------------------------------------------- diff --git a/NEWS b/NEWS index bf8056e..11f7197 100644 --- a/NEWS +++ b/NEWS 
@@ -15,6 +15,12 @@ Note that this version has not been released yet. Version 1.1.2 ------------- +* Fixed CVE-2012-5641: Apache CouchDB Information disclosure via unescaped + backslashes in URLs on Windows +* Fixed CVE-2012-5649: Apache CouchDB JSONP arbitrary code execution with Adobe + Flash +* Fixed CVE-2012-5650: Apache CouchDB DOM based Cross-Site Scripting via Futon + UI * ETag of attachment changes only when the attachment changes, not the document. * Fix pull replication of documents with many revisions.
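Review bot: In the CHANGES hunk (@@ -9,6 +9,15 @@), each of the three new entries under "Security:" repeats the product name "Apache CouchDB" after the CVE id, which is redundant in CouchDB's own changelog and is what pushes "Flash" and "UI" onto continuation lines by themselves. Consider shortening the entries to the form "Fixed CVE-2012-5641: Information disclosure via unescaped backslashes in URLs on Windows" so that each fits more cleanly and the affected component (URL handling on Windows, JSONP, Futon UI) is the first thing a reader sees after the id.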
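Review bot: In the NEWS hunk (@@ -15,6 +15,12 @@), the three CVE entries are prepended to the general bullet list with no label, so they run straight into "ETag of attachment changes only when the attachment changes", while the CHANGES hunk in the same commit groups the identical entries under a "Security:" heading. Someone scanning NEWS to decide whether 1.1.2 is a security-relevant upgrade has nothing to separate these fixes from ordinary ones; consider adding the same "Security:" label here, or at least a blank line after the last CVE entry, so the two files stay consistent.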
