[Git][security-tracker-team/security-tracker][master] Track fixing version for tika update via unstable and four open CVEs

Salvatore Bonaccorso carnil at debian.org
Tue Jan 22 11:05:15 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1ae8b9b0 by Salvatore Bonaccorso at 2019-01-22T11:04:24Z
Track fixing version for tika update via unstable and four open CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22574,7 +22574,7 @@ CVE-2018-17198
 	RESERVED
 	NOT-FOR-US: Apache Roller
 CVE-2018-17197 (A carefully crafted or corrupt sqlite file can cause an infinite loop ...)
-	- tika <unfixed>
+	- tika 1.20-1
 	[jessie] - tika <not-affected> (Only affects 1.8 to 1.19.1)
 	NOTE: https://www.openwall.com/lists/oss-security/2018/12/22/2
 CVE-2018-17196
@@ -36681,11 +36681,11 @@ CVE-2018-11763 (In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, l
 	NOTE: HTTP/2 support introduced in 2.4.17
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-11763
 CVE-2018-11762 (In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not ...)
-	- tika <unfixed>
+	- tika 1.20-1
 	[jessie] - tika <ignored> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2018/09/19/5
 CVE-2018-11761 (In Apache Tika 0.1 to 1.18, the XML parsers were not configured to ...)
-	- tika <unfixed>
+	- tika 1.20-1
 	[jessie] - tika <ignored> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2018/09/19/4
 	NOTE: When fixing this issue the fix needs to be made complete to not open
@@ -46532,7 +46532,7 @@ CVE-2018-8019 (When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16
 CVE-2018-8018 (In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization  ...)
 	NOT-FOR-US: Apache Ignite
 CVE-2018-8017 (In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an ...)
-	- tika <unfixed> (bug #914643)
+	- tika 1.20-1 (bug #914643)
 	[jessie] - tika <ignored> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2018/09/19/6
 CVE-2018-8016 (The default configuration in Apache Cassandra 3.8 through 3.11.1 binds ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1ae8b9b0f61efd0313f1a62e56f97a2d25fdb20e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1ae8b9b0f61efd0313f1a62e56f97a2d25fdb20e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190122/3bfc94dd/attachment.html>


More information about the debian-security-tracker-commits mailing list