This is an automated email from the git hooks/post-receive script. ebourg-guest pushed a commit to branch jessie in repository tomcat8.
commit 60434de15dea7a8e4bb266b5fb0f9320d5f1dc43
Author: Emmanuel Bourg <[email protected]>
Date: Wed Jun 22 18:17:32 2016 +0200
Fixed CVE-2016-3092: Denial-of-Service vulnerability with file uploads
---
debian/changelog | 5 +++++
debian/patches/CVE-2016-3092.patch | 29 +++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 35 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index b05f5b7..bf5c2df 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,11 @@
 tomcat8 (8.0.14-1+deb8u2) jessie-security; urgency=high
 * Team upload.
+
+ [ Emmanuel Bourg ]
+ * Fix CVE-2016-3092: Denial-of-Service vulnerability with file uploads
+
+ [ Markus Koschany ]
 * Fix CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java allows remote authenticated users to bypass intended SecurityManager restrictions and
diff --git a/debian/patches/CVE-2016-3092.patch b/debian/patches/CVE-2016-3092.patch
new file mode 100644
index 0000000..09f88c1
--- /dev/null
+++ b/debian/patches/CVE-2016-3092.patch
@@ -0,0 +1,29 @@
+Description: Fixes CVE-2016-3092: Denial-of-Service vulnerability
+Origin: backport, https://svn.apache.org/r1743480
+--- a/java/org/apache/tomcat/util/http/fileupload/MultipartStream.java
++++ b/java/org/apache/tomcat/util/http/fileupload/MultipartStream.java
+@@ -289,11 +289,6 @@
+ throw new IllegalArgumentException("boundary may not be null");
+ }
+
+- this.input = input;
+- this.bufSize = bufSize;
+- this.buffer = new byte[bufSize];
+- this.notifier = pNotifier;
+-
+ // We prepend CR/LF to the boundary to chop trailing CR/LF from
+ // body-data tokens.
+ this.boundaryLength = boundary.length + BOUNDARY_PREFIX.length;
+@@ -301,6 +296,12 @@
+ throw new IllegalArgumentException(
+ "The buffer size specified for the MultipartStream is too small");
+ }
++
++ this.input = input;
++ this.bufSize = Math.max(bufSize, boundaryLength*2);
++ this.buffer = new byte[this.bufSize];
++ this.notifier = pNotifier;
++
+ this.boundary = new byte[this.boundaryLength];
+ this.keepRegion = this.boundary.length;
+
diff --git a/debian/patches/series b/debian/patches/series
index 3b86510..47a5947 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -20,3 +20,4 @@ CVE-2016-0706.patch
 CVE-2016-0763.patch
 CVE-2016-0714.patch
 CVE-2015-5345.patch
+CVE-2016-3092.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat8.git
_______________________________________________
pkg-java-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-commits
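Review bot: The new line `this.bufSize = Math.max(bufSize, boundaryLength*2);` in the second inner hunk carries no comment explaining why twice the boundary length is the floor, and it sits a few lines below the "too small" check, which (judging by its message, the `if` itself is outside the hunk context) still validates the caller's unclamped `bufSize` against a different minimum, so a later reader has two limits and no stated relationship between them. I would add above the clamp `// Keep the buffer at least two boundaries long; with a boundary nearly as long as the buffer each read pass makes almost no progress (CVE-2016-3092).`, wording the mechanism as an assumption if it cannot be confirmed against the r1743480 origin cited in the header. The patch's Description header could also state that the stream may now allocate a buffer larger than the size requested, since callers that sized it deliberately will observe different memory use. Both inner hunks are inside the MultipartStream constructor, whose signature and remaining body lie outside the hunk.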

