[Git][security-tracker-team/security-tracker][master] Add information for CVE-2018-11796/tika

Salvatore Bonaccorso carnil at debian.org
Mon Oct 15 07:14:02 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b7b3f20b by Salvatore Bonaccorso at 2018-10-15T06:13:49Z
Add information for CVE-2018-11796/tika

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -16177,7 +16177,10 @@ CVE-2018-11797 (In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a caref
 	NOTE: https://svn.apache.org/r1842131 (branch 2.0)
 	NOTE: https://svn.apache.org/r1842278 (branch 1.8)
 CVE-2018-11796 (In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion ...)
-	TODO: check
+	- tika <not-affected> (Incomplete fix for CVE-2018-11761 not applied)
+	NOTE: https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E
+	NOTE: https://issues.apache.org/jira/projects/TIKA/issues/TIKA-2727
+	NOTE: https://github.com/apache/tika/commit/86d4ba1e
 CVE-2018-11795
 	RESERVED
 CVE-2018-11794
@@ -16278,6 +16281,8 @@ CVE-2018-11761 (In Apache Tika 0.1 to 1.18, the XML parsers were not configured
 	- tika <unfixed>
 	[jessie] - tika <ignored> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2018/09/19/4
+	NOTE: When fixing this issue the fix needs to be made complete to not open
+	NOTE: CVE-2018-11796.
 CVE-2018-11760
 	RESERVED
 CVE-2018-11759



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b7b3f20b2060562916837a24c30678aea5dbdf60

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b7b3f20b2060562916837a24c30678aea5dbdf60
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181015/821d46f6/attachment.html>

More information about the debian-security-tracker-commits mailing list