You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@karaf.apache.org by jb...@apache.org on 2018/09/18 12:30:05 UTC
[karaf-site] branch trunk updated: Update on CVE advisory
This is an automated email from the ASF dual-hosted git repository.
jbonofre pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/karaf-site.git
The following commit(s) were added to refs/heads/trunk by this push:
new c11a8ac Update on CVE advisory
c11a8ac is described below
commit c11a8ac693320bb9796e89ef35e835db489a35ab
Author: Jean-Baptiste Onofré <jb...@apache.org>
AuthorDate: Tue Sep 18 14:29:56 2018 +0200
Update on CVE advisory
---
src/main/webapp/security/cve-2018-11786.txt | 8 +++-----
src/main/webapp/security/cve-2018-11787.txt | 9 ++++-----
2 files changed, 7 insertions(+), 10 deletions(-)
diff --git a/src/main/webapp/security/cve-2018-11786.txt b/src/main/webapp/security/cve-2018-11786.txt
index fef5866..b6751c6 100644
--- a/src/main/webapp/security/cve-2018-11786.txt
+++ b/src/main/webapp/security/cve-2018-11786.txt
@@ -7,9 +7,7 @@ Severity: Moderate
Vendor: The Apache Software Foundation
-Versions Affected:
-
-This vulnerability affects all versions of Apache Karaf prior to 4.2.0.M1
+Versions Affected: all versions of Apache Karaf prior to 4.2.0.M1
Description:
@@ -31,9 +29,9 @@ This has been fixed in revision:
https://gitbox.apache.org/repos/asf?p=karaf.git;h=24fb477
https://gitbox.apache.org/repos/asf?p=karaf.git;h=7ad0da3
-Migration:
+Mitigation: Apache Karaf users should upgrade to 4.2.0.M1 or later as soon as possible.
-Apache Karaf users should upgrade to 4.2.0.M1 or later as soon as possible.
+JIRA Tickets: https://issues.apache.org/jira/browse/KARAF-5427
Credit: This issue was reported by R.A. Porter
-----BEGIN PGP SIGNATURE-----
diff --git a/src/main/webapp/security/cve-2018-11787.txt b/src/main/webapp/security/cve-2018-11787.txt
index 44ec4b3..57ec837 100644
--- a/src/main/webapp/security/cve-2018-11787.txt
+++ b/src/main/webapp/security/cve-2018-11787.txt
@@ -4,9 +4,7 @@ Severity: Moderate
Vendor: The Apache Software Foundation
-Versions Affected:
-
-This vulnerability affects all versions of Apache Karaf prior to 3.0.9, 4.0.9, 4.1.1.
+Versions Affected: all versions of Apache Karaf prior to 3.0.9, 4.0.9, 4.1.1.
Description:
@@ -37,8 +35,9 @@ https://gitbox.apache.org/repos/asf?p=karaf.git;h=cfa213a
https://gitbox.apache.org/repos/asf?p=karaf.git;h=434e525
https://gitbox.apache.org/repos/asf?p=karaf.git;h=1fc60d7
-Migration:
+Mitigation: Apache Karaf users should upgrade to 3.0.9, 4.0.9, 4.1.1
+or later as soon as possible.
-Apache Karaf users should upgrade to 3.0.9, 4.0.9, 4.1.1 or later as soon as possible.
+JIRA Tickets: https://issues.apache.org/jira/browse/KARAF-4993
Credit: This issue was reported by Kevin Schmidt