Posted to commits@commons.apache.org by jo...@apache.org on 2018/01/28 15:24:24 UTC
svn commit: r1822463 -
/commons/proper/email/trunk/src/site/xdoc/security-reports.xml
Author: jochen
Date: Sun Jan 28 15:24:24 2018
New Revision: 1822463
URL: http://svn.apache.org/viewvc?rev=1822463&view=rev
Log:
Added CVE-2018-1294.
Modified:
commons/proper/email/trunk/src/site/xdoc/security-reports.xml
Modified: commons/proper/email/trunk/src/site/xdoc/security-reports.xml
URL: http://svn.apache.org/viewvc/commons/proper/email/trunk/src/site/xdoc/security-reports.xml?rev=1822463&r1=1822462&r2=1822463&view=diff
==============================================================================
--- commons/proper/email/trunk/src/site/xdoc/security-reports.xml (original)
+++ commons/proper/email/trunk/src/site/xdoc/security-reports.xml Sun Jan 28 15:24:24 2018
@@ -71,6 +71,19 @@
<p>Affects: 1.0 - 1.4</p>
+ <p><b>Moderate: Insufficient input validation for bounce address</b>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1294">CVE-2018-1294</a></p>
+
+ <p>When passing text that contains line-breaks as the bounce address of an Email, then
+ the email details (SMTP headers, recipient list, contents) can be manipulated.</p>
+
+ <p>This was fixed in revisions
+ <a href="https://svn.apache.org/viewvc?view=revision&revision=1777030">1777030</a>
+ </p>
+
+ <p>This was first reported to the Security Team on 02-Sep-2016 and made public on 26-Jan-2018.</p>
+
+ <p>Affects: 1.0-1.4</p>
</subsection>
</section>
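Review bot: the href on the "This was fixed in revisions" link carries a bare ampersand (view=revision&revision=1777030). security-reports.xml is an XML document, so the separator has to be escaped as &amp;revision=1777030, otherwise the file is not well-formed and the site build may reject it. Smaller points in the same entry: "revisions" is plural but only one revision is linked, the new "Affects: 1.0-1.4" is spaced differently from the "Affects: 1.0 - 1.4" context line directly above the addition, and the entry names the fixing revision but not the release that contains it, which is what a reader deciding whether to upgrade needs. The description would also be easier to act on if it said which call takes the bounce address, so users can find where to validate input for line breaks.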