Re: [SECURITY] [DSA 2856-1] libcommons-fileupload-java security update

Sat, 08 Feb 2014 01:09:34 -0800 

Unsubscribe

Daniel
On Feb 8, 2014 1:00 AM, "Florian Weimer" <f...@deneb.enyo.de> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-2856-1                   secur...@debian.org
> http://www.debian.org/security/                            Florian Weimer
> February 07, 2014                      http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
>
> Package        : libcommons-fileupload-java
> Vulnerability  : denial of service
> Problem type   : remote
> Debian-specific: no
> CVE ID         : CVE-2014-0050
>
> It was discovered that the Apache Commons FileUpload package for Java
> could enter an infinite loop while processing a multipart request with
> a crafted Content-Type, resulting in a denial-of-service condition.
>
> For the oldstable distribution (squeeze), this problem has been fixed in
> version 1.2.2-1+deb6u2.
>
> For the stable distribution (wheezy), this problem has been fixed in
> version 1.2.2-1+deb7u2.
>
> For the unstable distribution (sid), this problem has been fixed in
> version 1.3.1-1.
>
> We recommend that you upgrade your libcommons-fileupload-java packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
>
> Mailing list: debian-security-annou...@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
>
> iQEcBAEBAgAGBQJS9WToAAoJEL97/wQC1SS+IcIH/18AS3UkkZtLgZcEGpBeBEM+
> OX00IRYPc3emFQcB3ZUUeiYGtq3aAEKYTW5wd8tAA04K4wUMdcV70oUxnFEeUcLl
> ir0b4rIM/ozB86iBN95jmgQzY7pdx703tvhA7CQlNdC0WTEPFHW7yrGksrAk5rTv
> zw5NlN3Hi9McYH+kigp6ULoNavWfByNM7i7xNb7tPCulF0MnIyhfg0ewxgg+QfYj
> RB0V5U/jSW77n0E/Ft9MX5cthViwaCxYREJoXgSIDid/OYyNIE3aZuB+KKFDwPGw
> /dkC+QIE6Zbeesx73YBo+oCEKulGE1UOutjrHy/vnV+mvZklmvChyZEyaGjIG5w=
> =noFV
> -----END PGP SIGNATURE-----
>
>
> --
> To UNSUBSCRIBE, email to debian-security-announce-requ...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmas...@lists.debian.org
> Archive: http://lists.debian.org/87y51mil6r....@mid.deneb.enyo.de
>
>

Reply via email to