Posted to commits@camel.apache.org by ac...@apache.org on 2019/05/24 09:16:11 UTC

[camel] branch master updated (77600f0 -> 906031a)

This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git.


    from 77600f0  Added security advisory for CVE-2019-0188
     new 6a51420  Errata corrige for CVE-2019-0188
     new 906031a  CVE-2019-0188 - Changed the title in security advisories

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 docs/user-manual/en/security-advisories.adoc         |  4 ++--
 .../en/security-advisories/CVE-2019-0188.txt.asc     | 20 +++++++++-----------
 2 files changed, 11 insertions(+), 13 deletions(-)


[camel] 01/02: Errata corrige for CVE-2019-0188

Posted by ac...@apache.org.

acosentino pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git

commit 6a51420aa6a2846fda2d8a13d99271ad16bce651
Author: Andrea Cosentino <an...@gmail.com>
AuthorDate: Fri May 24 11:15:00 2019 +0200

    Errata corrige for CVE-2019-0188
---
 .../en/security-advisories/CVE-2019-0188.txt.asc     | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)

diff --git a/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc b/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc
index c7046b6..f6d70be 100644
--- a/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc
+++ b/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc
@@ -1,7 +1,7 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
-CVE-2019-0188: Apache Camel vulnerable to XML external entity injection (XXE)
+CVE-2019-0188: Apache Camel-XMLJson vulnerable to XML external entity injection (XXE)
 
 Severity: MEDIUM
 
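Review bot: the `Hash: SHA1` header in the context lines at the top of this hunk means the corrected advisory is still clear-signed over a SHA-1 digest; the body changes here and the signature block is regenerated later in this patch, so this is a good moment to re-sign with SHA-256 or stronger. Separately, the new title spells the component "Camel-XMLJson" while the Description added further down calls it "camel-xmljson"; using the artifact name consistently makes the advisory easier to match against a dependency list.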
@@ -9,19 +9,17 @@ Vendor: The Apache Software Foundation
 
 Versions Affected: Apache Camel versions prior to 2.24.0
 
-Description: Apache Camel contains an XML external entity injection (XXE) vulnerability
+Description: Apache Camel provided contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.
 
 Mitigation: Update to version 2.24.0
-
-Credit: This issue was discovered by Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
-iQEcBAEBAgAGBQJc57B6AAoJEONOnzgC/0EADagH/11BLnLYA/T2A5haH7DC+awD
-cFIJjuhR8voM1uPbv4bUbRRs1DEvXGBDYGcs3xEXGaABGJ6EAb5c2GXoBpS0G92m
-vXcCc1to6nrEhOHg14rlOV3/BdGt1gvgUqUqG7/Fo35CnPAJLEvqkZGfO9GdnT40
-Sz8kNgmgfEZTQkOeV3gUuLwiyc4uWdPTkUEYYEwL7hghLI9yJ3KfU5igA8Nofgks
-2j2sATTSg6Nc0Yn9XCdg6D0BBhDJLHpEaAVlL3BQXQ/j7pghnxEGkiRiQDzXvVI7
-Dgc+PUAf0sDm5honsLGwcCiHnpSJ4amE2dGwzRiUFp0L15zdGvRA0JillPY7BoY=
-=qSeH
+iQEcBAEBAgAGBQJc57YJAAoJEONOnzgC/0EAI1oIAITlFL/xUHp0rEn5WaRoCbGE
+49ZYJ2/bwK94se0KMhT5VqF6mYf1BWMSVzrczN+Qm8bEb1tQPDZFnTUe0hUjMN61
+tJpGK1UPCOUm3rBVSmrkbYclBVCBgxIEjfeP7SAtBXZSQ7/SHLBG8OQWRur7CPml
+6qtDt9WqIV0da9hJgP2n0YExqyfbCb0IZkvo23DWlzAHZ0LCVc7V/lDqGG1cWsZw
+gEMtUfbaz4533vr5+LgST3z7AbnMBpk2P29/9M7Z3wOxtS2Ne6aw/ooJfRh/HJ5k
+sw4jNQ/4txaha4BszSH9Ibdm0nMyzlmv0u8nONM0X2hhxasybMXIdPlTJh308BU=
+=w7Pn
 -----END PGP SIGNATURE-----
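Review bot: the `Credit:` line naming the reporter is deleted just before the signature block, and the commit message ("Errata corrige for CVE-2019-0188") does not say why; if the removal is intentional, record the reason in the commit message, otherwise restore the line. The new Description also reads "Apache Camel provided contains", which looks like a leftover word. Since it now says only camel-xmljson is affected and that the component "was removed", it would help to name the release in which it was removed, because "Versions Affected" still lists all Apache Camel versions prior to 2.24.0.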


[camel] 02/02: CVE-2019-0188 - Changed the title in security advisories

Posted by ac...@apache.org.

acosentino pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git

commit 906031afe839e54c55ac052e6eee0be012e03c29
Author: Andrea Cosentino <an...@gmail.com>
AuthorDate: Fri May 24 11:15:33 2019 +0200

    CVE-2019-0188 - Changed the title in security advisories
---
 docs/user-manual/en/security-advisories.adoc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/user-manual/en/security-advisories.adoc b/docs/user-manual/en/security-advisories.adoc
index 12fe0b6..dbdc847 100644
--- a/docs/user-manual/en/security-advisories.adoc
+++ b/docs/user-manual/en/security-advisories.adoc
@@ -2,8 +2,8 @@
 
 ### 2019
 
-link:security-advisories/CVE-2019-0194.txt.asc[CVE-2019-0188] - Apache 
-Camel vulnerable to XML external entity injection (XXE)
+link:security-advisories/CVE-2019-0194.txt.asc[CVE-2019-0188] - Apache Camel-XMLJson 
+vulnerable to XML external entity injection (XXE)
 
 link:security-advisories/CVE-2019-0194.txt.asc[CVE-2019-0194] - Apache 
 Camel's File is vulnerable to directory traversal
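Review bot: the changed `link:` line still targets `security-advisories/CVE-2019-0194.txt.asc` while its label is CVE-2019-0188, so the entry opens the directory traversal advisory instead of the XXE one. The file edited in the other commit of this push is `CVE-2019-0188.txt.asc`; point the link there. The added line also ends with trailing whitespace after "Camel-XMLJson".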