Posted to commits@camel.apache.org by ac...@apache.org on 2019/05/24 09:16:11 UTC
[camel] branch master updated (77600f0 -> 906031a)
This is an automated email from the ASF dual-hosted git repository.
acosentino pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git.
from 77600f0 Added security advisory for CVE-2019-0188
new 6a51420 Errata corrige for CVE-2019-0188
new 906031a CVE-2019-0188 - Changed the title in security advisories
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
docs/user-manual/en/security-advisories.adoc | 4 ++--
.../en/security-advisories/CVE-2019-0188.txt.asc | 20 +++++++++-----------
2 files changed, 11 insertions(+), 13 deletions(-)
[camel] 01/02: Errata corrige for CVE-2019-0188
Posted by ac...@apache.org.
acosentino pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git
commit 6a51420aa6a2846fda2d8a13d99271ad16bce651
Author: Andrea Cosentino <an...@gmail.com>
AuthorDate: Fri May 24 11:15:00 2019 +0200
Errata corrige for CVE-2019-0188
---
.../en/security-advisories/CVE-2019-0188.txt.asc | 20 +++++++++-----------
1 file changed, 9 insertions(+), 11 deletions(-)
diff --git a/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc b/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc
index c7046b6..f6d70be 100644
--- a/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc
+++ b/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc
@@ -1,7 +1,7 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-CVE-2019-0188: Apache Camel vulnerable to XML external entity injection (XXE)
+CVE-2019-0188: Apache Camel-XMLJson vulnerable to XML external entity injection (XXE)
Severity: MEDIUM
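Review bot: The clearsigned header kept as context at the top of this hunk still reads `Hash: SHA1`. The advisory is being re-signed in this commit anyway, so produce the new signature with a SHA-2 digest (for example `gpg --digest-algo SHA256 --clearsign`) rather than leaving the advisory's integrity resting on SHA-1. Separately, the new title spells the component `Camel-XMLJson` while the description in the next hunk calls it `camel-xmljson`; use one form throughout.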
@@ -9,19 +9,17 @@ Vendor: The Apache Software Foundation
Versions Affected: Apache Camel versions prior to 2.24.0
-Description: Apache Camel contains an XML external entity injection (XXE) vulnerability
+Description: Apache Camel provided contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.
Mitigation: Update to version 2.24.0
-
-Credit: This issue was discovered by Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
-iQEcBAEBAgAGBQJc57B6AAoJEONOnzgC/0EADagH/11BLnLYA/T2A5haH7DC+awD
-cFIJjuhR8voM1uPbv4bUbRRs1DEvXGBDYGcs3xEXGaABGJ6EAb5c2GXoBpS0G92m
-vXcCc1to6nrEhOHg14rlOV3/BdGt1gvgUqUqG7/Fo35CnPAJLEvqkZGfO9GdnT40
-Sz8kNgmgfEZTQkOeV3gUuLwiyc4uWdPTkUEYYEwL7hghLI9yJ3KfU5igA8Nofgks
-2j2sATTSg6Nc0Yn9XCdg6D0BBhDJLHpEaAVlL3BQXQ/j7pghnxEGkiRiQDzXvVI7
-Dgc+PUAf0sDm5honsLGwcCiHnpSJ4amE2dGwzRiUFp0L15zdGvRA0JillPY7BoY=
-=qSeH
+iQEcBAEBAgAGBQJc57YJAAoJEONOnzgC/0EAI1oIAITlFL/xUHp0rEn5WaRoCbGE
+49ZYJ2/bwK94se0KMhT5VqF6mYf1BWMSVzrczN+Qm8bEb1tQPDZFnTUe0hUjMN61
+tJpGK1UPCOUm3rBVSmrkbYclBVCBgxIEjfeP7SAtBXZSQ7/SHLBG8OQWRur7CPml
+6qtDt9WqIV0da9hJgP2n0YExqyfbCb0IZkvo23DWlzAHZ0LCVc7V/lDqGG1cWsZw
+gEMtUfbaz4533vr5+LgST3z7AbnMBpk2P29/9M7Z3wOxtS2Ne6aw/ooJfRh/HJ5k
+sw4jNQ/4txaha4BszSH9Ibdm0nMyzlmv0u8nONM0X2hhxasybMXIdPlTJh308BU=
+=w7Pn
-----END PGP SIGNATURE-----
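Review bot: The `Credit:` line naming the reporter is deleted at the end of the advisory body, and the commit message ("Errata corrige for CVE-2019-0188") gives no reason for it. If the credit was wrong, say so in the message or replace it with the correct attribution; otherwise restore it. In the added `Description:` line, "Apache Camel provided contains" has a stray word and should be corrected before signing, since any later fix to the text means signing again. `Versions Affected` still covers all of Apache Camel prior to 2.24.0 while the description narrows the issue to camel-xmljson, and `Mitigation` does not say that upgrading removes the component; a sentence telling camel-xmljson users what happens to their routes on upgrade would make the advisory actionable.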
[camel] 02/02: CVE-2019-0188 - Changed the title in security advisories
Posted by ac...@apache.org.
acosentino pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git
commit 906031afe839e54c55ac052e6eee0be012e03c29
Author: Andrea Cosentino <an...@gmail.com>
AuthorDate: Fri May 24 11:15:33 2019 +0200
CVE-2019-0188 - Changed the title in security advisories
---
docs/user-manual/en/security-advisories.adoc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/user-manual/en/security-advisories.adoc b/docs/user-manual/en/security-advisories.adoc
index 12fe0b6..dbdc847 100644
--- a/docs/user-manual/en/security-advisories.adoc
+++ b/docs/user-manual/en/security-advisories.adoc
@@ -2,8 +2,8 @@
### 2019
-link:security-advisories/CVE-2019-0194.txt.asc[CVE-2019-0188] - Apache
-Camel vulnerable to XML external entity injection (XXE)
+link:security-advisories/CVE-2019-0194.txt.asc[CVE-2019-0188] - Apache Camel-XMLJson
+vulnerable to XML external entity injection (XXE)
link:security-advisories/CVE-2019-0194.txt.asc[CVE-2019-0194] - Apache
Camel's File is vulnerable to directory traversal
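Review bot: Both the removed and the added `link:` lines for the CVE-2019-0188 entry point at `security-advisories/CVE-2019-0194.txt.asc`, so the entry labelled CVE-2019-0188 opens the directory traversal advisory instead of the XXE one. The other commit in this push edits `CVE-2019-0188.txt.asc`, which is the file this link should target; fix the target in the same change as the title.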