You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by ac...@apache.org on 2018/09/12 11:47:36 UTC

[camel] 04/14: Security Advisories: Porting to docs

This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git

commit 4434e5a48c64bcf78bb62c79b8945fe6e46d1c4c
Author: Andrea Cosentino <an...@gmail.com>
AuthorDate: Wed Sep 12 13:40:02 2018 +0200

    Security Advisories: Porting to docs
---
 .../en/security-advisories/CVE-2015-0263.txt.asc   | 38 ++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/docs/user-manual/en/security-advisories/CVE-2015-0263.txt.asc b/docs/user-manual/en/security-advisories/CVE-2015-0263.txt.asc
new file mode 100644
index 0000000..b5036ea
--- /dev/null
+++ b/docs/user-manual/en/security-advisories/CVE-2015-0263.txt.asc
@@ -0,0 +1,38 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+
+CVE-2015-0263: Apache Camel medium disclosure vulnerability
+
+Severity: MEDIUM
+
+Vendor: The Apache Software Foundation
+
+Versions Affected: Camel 2.13.0 to 2.13.3, Camel 2.14.0 to 2.14.1
+The unsupported Camel 2.3.x, 2.4.x, 2.5.x, 2.6.x, 2.7.x, 2.8.x, 2.9.x, 2.10.x, 2.11.x and 2.12.x versions may be also affected.
+
+Description: The XML converter setup in Apache Camel allows remote attackers to read arbitrary files via an SAXSource containing an XML External Entity (XXE) declaration.
+
+Mitigation: 2.13.x users should upgrade to 2.13.4, 2.14.x users should upgrade to 2.14.2. This patch will be included from Camel 2.15.0: https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=7d19340bcdb42f7aae584d9c5003ac4f7ddaee36
+
+Credit: This issue was discovered by Stephan Siano.
+
+References: http://camel.apache.org/security-advisories.html
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
+Comment: GPGTools - http://gpgtools.org
+
+iQIcBAEBAgAGBQJU/sahAAoJEImh9lEqI5wsKmkQAIPMcNnEvWWolihdFlC+4nQn
+Fo39aZ+nr6mH38PgH1Ho2wGPYYX6j6r41cJIOtU5lZzSmC8yaX5tEavm0bKK9XJu
+ScNKixYwxSejF326CKlm2Nl9X26OtZaPSrCyXn9fdFtvkSyo2qcypbYkIGujZW9R
+8sKLKHPgCupBjrDh0271D2BEw9eqZvNsKeBE2o/sePcHy5dhS8GQdKbBmfF1tDDl
+lfAWr+djLJ018X10krVek7GWajdXiZEsMmUZZ6i+Ao0Y9dTguVjTRxcO6gHPM4xq
+AyyDBF2tT2/JvP6QzeaspAI9Wpjr2CD0HKS3eURsfghsjWNklueYeEc/kE/5Usls
+4WiM2MCMPfhef5uY2cbt+BEeouAkIvNdyjzadEdIHJYzqwyWdTwuuabNG+X2zI+m
++Sz0aepvpAXdWrfNFAiiGrzIDRVnZsTjEQ8THAeoSND08e111cy0S2TmKhVlljF+
+Ag5gqduoReWnIrksxJ5M0wkaOfubBgactRFoc8ZhIdmyY8xbiFJmywI9sZ1aTP5s
+tV/hFq7hcGCDqwFAHFsYRoXecfVHWEN/zr0MjXpQ6xT3f8Jedeamq1ZiaBDtfM5p
+SHumY30Tc+cCBV3nFVjxM+zAcFQ8gjnORnZEnZ2F+HQaJHZzQOLWZ6V/urcuHUzu
+HWeqvw4nphzuGl88Vv1M
+=IvV+
+-----END PGP SIGNATURE-----