Added CVE-2012-5641, CVE-2012-5649, and CVE-2012-5650 to NEWS and CHANGES in 1.2.x branch
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/15619b5f Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/15619b5f Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/15619b5f Branch: refs/heads/1.2.x Commit: 15619b5f04e6061afbd1d6678abdc35131a4c618 Parents: 1f22df7 Author: Noah Slater <[email protected]> Authored: Mon Feb 25 19:53:36 2013 +0000 Committer: Noah Slater <[email protected]> Committed: Mon Feb 25 19:53:36 2013 +0000 ---------------------------------------------------------------------- CHANGES | 9 +++++++++ NEWS | 6 ++++++ 2 files changed, 15 insertions(+), 0 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/couchdb/blob/15619b5f/CHANGES ---------------------------------------------------------------------- diff --git a/CHANGES b/CHANGES index 15b23b8..9c3ae28 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,15 @@ Note that this version has not been released yet. Version 1.2.1 ------------- +Security: + + * Fixed CVE-2012-5641: Apache CouchDB Information disclosure via unescaped + backslashes in URLs on Windows + * Fixed CVE-2012-5649: Apache CouchDB JSONP arbitrary code execution with Adobe + Flash + * Fixed CVE-2012-5650: Apache CouchDB DOM based Cross-Site Scripting via Futon + UI + HTTP Interface: * No longer rewrites the X-CouchDB-Requested-Path during recursive http://git-wip-us.apache.org/repos/asf/couchdb/blob/15619b5f/NEWS ---------------------------------------------------------------------- diff --git a/NEWS b/NEWS index 418a319..bb7e4a7 100644 --- a/NEWS +++ b/NEWS 
@@ -15,6 +15,12 @@ Note that this version has not been released yet. Version 1.2.1 ------------- + * Fixed CVE-2012-5641: Apache CouchDB Information disclosure via unescaped + backslashes in URLs on Windows + * Fixed CVE-2012-5649: Apache CouchDB JSONP arbitrary code execution with Adobe + Flash + * Fixed CVE-2012-5650: Apache CouchDB DOM based Cross-Site Scripting via Futon + UI * Fix various bugs in the URL rewriter when recursion is involved. * Fix couchdb start script. * Futon: Disable buttons that aren't available for the logged-in user.
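Review bot: In the CHANGES hunk (@@ -9,6 +9,15 @@), the three entries under the new "Security:" heading give only the CVE id and the advisory title, so a reader cannot tell what behaviour changed in 1.2.1 or whether upgrading alone is sufficient. Suggest a short clause per entry describing the change, or a pointer to the advisory text. The "Apache CouchDB" prefix repeated in each title is redundant inside the project's own changelog and could be dropped to shorten the entries.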
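Review bot: In the NEWS hunk (@@ -15,6 +15,12 @@), the three CVE entries are inserted at the top of the general bullet list with no "Security" label, while the CHANGES hunk in the same commit places them under a "Security:" heading. Suggest the same grouping here so the fixes stand out to readers who only check NEWS. The new bullets also use "Fixed" where the existing bullets directly below use "Fix" ("Fix various bugs in the URL rewriter when recursion is involved."); use one form throughout the list.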
