[camel] branch master updated (77600f0 -> 906031a)


acosentino
This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git.


    from 77600f0  Added security advisory for CVE-2019-0188
     new 6a51420  Errata corrige for CVE-2019-0188
     new 906031a  CVE-2019-0188 - Changed the title in security advisories

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 docs/user-manual/en/security-advisories.adoc         |  4 ++--
 .../en/security-advisories/CVE-2019-0188.txt.asc     | 20 +++++++++-----------
 2 files changed, 11 insertions(+), 13 deletions(-)

[camel] 01/02: Errata corrige for CVE-2019-0188

acosentino
This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git

commit 6a51420aa6a2846fda2d8a13d99271ad16bce651
Author: Andrea Cosentino <[hidden email]>
AuthorDate: Fri May 24 11:15:00 2019 +0200

    Errata corrige for CVE-2019-0188
---
 .../en/security-advisories/CVE-2019-0188.txt.asc     | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)

diff --git a/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc b/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc
index c7046b6..f6d70be 100644
--- a/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc
+++ b/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc
@@ -1,7 +1,7 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
-CVE-2019-0188: Apache Camel vulnerable to XML external entity injection (XXE)
+CVE-2019-0188: Apache Camel-XMLJson vulnerable to XML external entity injection (XXE)
 
 Severity: MEDIUM
 
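Review bot: The `Hash: SHA1` header at the top of this hunk is left unchanged even though the advisory is re-signed in this commit, so the new signature is still computed over a SHA-1 digest. Since the file has to be re-signed anyway, consider producing the clearsigned message with a SHA-2 digest (for example `gpg --digest-algo SHA256 --clearsign`). The new title also spells the component `Camel-XMLJson` while the description added in the next hunk uses `camel-xmljson`; a single spelling makes the advisory easier to find by artifact name.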
@@ -9,19 +9,17 @@ Vendor: The Apache Software Foundation
 
 Versions Affected: Apache Camel versions prior to 2.24.0
 
-Description: Apache Camel contains an XML external entity injection (XXE) vulnerability
+Description: Apache Camel provided contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.
 
 Mitigation: Update to version 2.24.0
-
-Credit: This issue was discovered by Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
-iQEcBAEBAgAGBQJc57B6AAoJEONOnzgC/0EADagH/11BLnLYA/T2A5haH7DC+awD
-cFIJjuhR8voM1uPbv4bUbRRs1DEvXGBDYGcs3xEXGaABGJ6EAb5c2GXoBpS0G92m
-vXcCc1to6nrEhOHg14rlOV3/BdGt1gvgUqUqG7/Fo35CnPAJLEvqkZGfO9GdnT40
-Sz8kNgmgfEZTQkOeV3gUuLwiyc4uWdPTkUEYYEwL7hghLI9yJ3KfU5igA8Nofgks
-2j2sATTSg6Nc0Yn9XCdg6D0BBhDJLHpEaAVlL3BQXQ/j7pghnxEGkiRiQDzXvVI7
-Dgc+PUAf0sDm5honsLGwcCiHnpSJ4amE2dGwzRiUFp0L15zdGvRA0JillPY7BoY=
-=qSeH
+iQEcBAEBAgAGBQJc57YJAAoJEONOnzgC/0EAI1oIAITlFL/xUHp0rEn5WaRoCbGE
+49ZYJ2/bwK94se0KMhT5VqF6mYf1BWMSVzrczN+Qm8bEb1tQPDZFnTUe0hUjMN61
+tJpGK1UPCOUm3rBVSmrkbYclBVCBgxIEjfeP7SAtBXZSQ7/SHLBG8OQWRur7CPml
+6qtDt9WqIV0da9hJgP2n0YExqyfbCb0IZkvo23DWlzAHZ0LCVc7V/lDqGG1cWsZw
+gEMtUfbaz4533vr5+LgST3z7AbnMBpk2P29/9M7Z3wOxtS2Ne6aw/ooJfRh/HJ5k
+sw4jNQ/4txaha4BszSH9Ibdm0nMyzlmv0u8nONM0X2hhxasybMXIdPlTJh308BU=
+=w7Pn
 -----END PGP SIGNATURE-----
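Review bot: The added `Description:` line reads "Apache Camel provided contains an XML external entity injection (XXE) vulnerability", where "provided" looks like a leftover word; suggest "Apache Camel contains ..." or rewording so that the sentence names the camel-xmljson component directly. This hunk also drops the `Credit:` line naming the reporter, and the commit message ("Errata corrige") does not say why; if the removal is intentional, a line in the commit message would document it. The unchanged `Versions Affected: Apache Camel versions prior to 2.24.0` could mention camel-xmljson as well, since the description now limits the issue to that component.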

[camel] 02/02: CVE-2019-0188 - Changed the title in security advisories

acosentino
In reply to this post by acosentino
This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git

commit 906031afe839e54c55ac052e6eee0be012e03c29
Author: Andrea Cosentino <[hidden email]>
AuthorDate: Fri May 24 11:15:33 2019 +0200

    CVE-2019-0188 - Changed the title in security advisories
---
 docs/user-manual/en/security-advisories.adoc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/user-manual/en/security-advisories.adoc b/docs/user-manual/en/security-advisories.adoc
index 12fe0b6..dbdc847 100644
--- a/docs/user-manual/en/security-advisories.adoc
+++ b/docs/user-manual/en/security-advisories.adoc
@@ -2,8 +2,8 @@
 
 ### 2019
 
-link:security-advisories/CVE-2019-0194.txt.asc[CVE-2019-0188] - Apache
-Camel vulnerable to XML external entity injection (XXE)
+link:security-advisories/CVE-2019-0194.txt.asc[CVE-2019-0188] - Apache Camel-XMLJson
+vulnerable to XML external entity injection (XXE)
 
 link:security-advisories/CVE-2019-0194.txt.asc[CVE-2019-0194] - Apache
 Camel's File is vulnerable to directory traversal
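Review bot: The link target on the added line is still `security-advisories/CVE-2019-0194.txt.asc` while its label is `CVE-2019-0188`, so the entry opens the directory traversal advisory listed just below it instead of the XXE advisory. The file edited in the other commit of this push is `security-advisories/CVE-2019-0188.txt.asc`; the `link:` target should point there.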