You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@karaf.apache.org by jb...@apache.org on 2018/09/18 12:30:05 UTC

[karaf-site] branch trunk updated: Update on CVE advisory

This is an automated email from the ASF dual-hosted git repository.

jbonofre pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/karaf-site.git


The following commit(s) were added to refs/heads/trunk by this push:
     new c11a8ac  Update on CVE advisory
c11a8ac is described below

commit c11a8ac693320bb9796e89ef35e835db489a35ab
Author: Jean-Baptiste Onofré <jb...@apache.org>
AuthorDate: Tue Sep 18 14:29:56 2018 +0200

    Update on CVE advisory
---
 src/main/webapp/security/cve-2018-11786.txt | 8 +++-----
 src/main/webapp/security/cve-2018-11787.txt | 9 ++++-----
 2 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/src/main/webapp/security/cve-2018-11786.txt b/src/main/webapp/security/cve-2018-11786.txt
index fef5866..b6751c6 100644
--- a/src/main/webapp/security/cve-2018-11786.txt
+++ b/src/main/webapp/security/cve-2018-11786.txt
@@ -7,9 +7,7 @@ Severity: Moderate
 
 Vendor: The Apache Software Foundation
 
-Versions Affected:
-
-This vulnerability affects all versions of Apache Karaf prior to 4.2.0.M1
+Versions Affected: all versions of Apache Karaf prior to 4.2.0.M1
 
 Description:
 
@@ -31,9 +29,9 @@ This has been fixed in revision:
 https://gitbox.apache.org/repos/asf?p=karaf.git;h=24fb477
 https://gitbox.apache.org/repos/asf?p=karaf.git;h=7ad0da3
 
-Migration:
+Mitigation: Apache Karaf users should upgrade to 4.2.0.M1 or later as soon as possible.
 
-Apache Karaf users should upgrade to 4.2.0.M1 or later as soon as possible.
+JIRA Tickets: https://issues.apache.org/jira/browse/KARAF-5427
 
 Credit: This issue was reported by R.A. Porter
 -----BEGIN PGP SIGNATURE-----
diff --git a/src/main/webapp/security/cve-2018-11787.txt b/src/main/webapp/security/cve-2018-11787.txt
index 44ec4b3..57ec837 100644
--- a/src/main/webapp/security/cve-2018-11787.txt
+++ b/src/main/webapp/security/cve-2018-11787.txt
@@ -4,9 +4,7 @@ Severity: Moderate
 
 Vendor: The Apache Software Foundation
 
-Versions Affected:
-
-This vulnerability affects all versions of Apache Karaf prior to 3.0.9, 4.0.9, 4.1.1.
+Versions Affected: all versions of Apache Karaf prior to 3.0.9, 4.0.9, 4.1.1.
 
 Description:
 
@@ -37,8 +35,9 @@ https://gitbox.apache.org/repos/asf?p=karaf.git;h=cfa213a
 https://gitbox.apache.org/repos/asf?p=karaf.git;h=434e525
 https://gitbox.apache.org/repos/asf?p=karaf.git;h=1fc60d7
 
-Migration:
+Mitigation: Apache Karaf users should upgrade to 3.0.9, 4.0.9, 4.1.1 
+or later as soon as possible.
 
-Apache Karaf users should upgrade to 3.0.9, 4.0.9, 4.1.1 or later as soon as possible.
+JIRA Tickets: https://issues.apache.org/jira/browse/KARAF-4993
 
 Credit: This issue was reported by Kevin Schmidt