Bug#785316: CVE-2014-0230: non-persistent DoS attack by feeding data aborting an upload
Santiago Ruano Rincón
santiagorr at riseup.net
Thu May 14 15:15:42 UTC 2015
Source: tomcat6
Version: 6.0.41-2+squeeze6
Severity: normal
Tags: security upstream fixed-upstream

Hello,

The following vulnerability affects tomcat6 in squeeze and wheezy.

CVE-2014-0230 [cve]: Tomcat permits a limited Denial of Service.

I have prepared the attached patch for the 6.0.41-2+squeeze6 version,
based on [fix].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

[cve] https://security-tracker.debian.org/tracker/CVE-2014-0230
[fix] https://svn.apache.org/viewvc?view=revision&revision=1659537

Please adjust the affected versions in the BTS as needed.

Regards,

Santiago
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2014-0230.patch
Type: text/x-diff
Size: 6708 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20150514/b1aeb351/attachment-0001.patch>