This is an automated email from the ASF dual-hosted git repository. acosentino pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/camel.git
commit 4434e5a48c64bcf78bb62c79b8945fe6e46d1c4c Author: Andrea Cosentino <[email protected]> AuthorDate: Wed Sep 12 13:40:02 2018 +0200 Security Advisories: Porting to docs --- .../en/security-advisories/CVE-2015-0263.txt.asc | 38 ++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/docs/user-manual/en/security-advisories/CVE-2015-0263.txt.asc b/docs/user-manual/en/security-advisories/CVE-2015-0263.txt.asc new file mode 100644 index 0000000..b5036ea --- /dev/null +++ b/docs/user-manual/en/security-advisories/CVE-2015-0263.txt.asc @@ -0,0 +1,38 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + + +CVE-2015-0263: Apache Camel medium disclosure vulnerability + +Severity: MEDIUM + +Vendor: The Apache Software Foundation + +Versions Affected: Camel 2.13.0 to 2.13.3, Camel 2.14.0 to 2.14.1 +The unsupported Camel 2.3.x, 2.4.x, 2.5.x, 2.6.x, 2.7.x, 2.8.x, 2.9.x, 2.10.x, 2.11.x and 2.12.x versions may be also affected. + +Description: The XML converter setup in Apache Camel allows remote attackers to read arbitrary files via an SAXSource containing an XML External Entity (XXE) declaration. + +Mitigation: 2.13.x users should upgrade to 2.13.4, 2.14.x users should upgrade to 2.14.2. This patch will be included from Camel 2.15.0: https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=7d19340bcdb42f7aae584d9c5003ac4f7ddaee36 + +Credit: This issue was discovered by Stephan Siano. + +References: http://camel.apache.org/security-advisories.html +-----BEGIN PGP SIGNATURE----- +Version: GnuPG/MacGPG2 v2.0.22 (Darwin) +Comment: GPGTools - http://gpgtools.org + +iQIcBAEBAgAGBQJU/sahAAoJEImh9lEqI5wsKmkQAIPMcNnEvWWolihdFlC+4nQn +Fo39aZ+nr6mH38PgH1Ho2wGPYYX6j6r41cJIOtU5lZzSmC8yaX5tEavm0bKK9XJu +ScNKixYwxSejF326CKlm2Nl9X26OtZaPSrCyXn9fdFtvkSyo2qcypbYkIGujZW9R +8sKLKHPgCupBjrDh0271D2BEw9eqZvNsKeBE2o/sePcHy5dhS8GQdKbBmfF1tDDl +lfAWr+djLJ018X10krVek7GWajdXiZEsMmUZZ6i+Ao0Y9dTguVjTRxcO6gHPM4xq +AyyDBF2tT2/JvP6QzeaspAI9Wpjr2CD0HKS3eURsfghsjWNklueYeEc/kE/5Usls +4WiM2MCMPfhef5uY2cbt+BEeouAkIvNdyjzadEdIHJYzqwyWdTwuuabNG+X2zI+m ++Sz0aepvpAXdWrfNFAiiGrzIDRVnZsTjEQ8THAeoSND08e111cy0S2TmKhVlljF+ +Ag5gqduoReWnIrksxJ5M0wkaOfubBgactRFoc8ZhIdmyY8xbiFJmywI9sZ1aTP5s +tV/hFq7hcGCDqwFAHFsYRoXecfVHWEN/zr0MjXpQ6xT3f8Jedeamq1ZiaBDtfM5p +SHumY30Tc+cCBV3nFVjxM+zAcFQ8gjnORnZEnZ2F+HQaJHZzQOLWZ6V/urcuHUzu +HWeqvw4nphzuGl88Vv1M +=IvV+ +-----END PGP SIGNATURE-----
