[Git][security-tracker-team/security-tracker][master] Track fixing version for tika update via unstable and four open CVEs
Salvatore Bonaccorso
carnil at debian.org
Tue Jan 22 11:05:15 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1ae8b9b0 by Salvatore Bonaccorso at 2019-01-22T11:04:24Z
Track fixing version for tika update via unstable and four open CVEs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -22574,7 +22574,7 @@ CVE-2018-17198
RESERVED
NOT-FOR-US: Apache Roller
CVE-2018-17197 (A carefully crafted or corrupt sqlite file can cause an infinite loop ...)
- - tika <unfixed>
+ - tika 1.20-1
[jessie] - tika <not-affected> (Only affects 1.8 to 1.19.1)
NOTE: https://www.openwall.com/lists/oss-security/2018/12/22/2
CVE-2018-17196
@@ -36681,11 +36681,11 @@ CVE-2018-11763 (In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, l
NOTE: HTTP/2 support introduced in 2.4.17
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-11763
CVE-2018-11762 (In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not ...)
- - tika <unfixed>
+ - tika 1.20-1
[jessie] - tika <ignored> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2018/09/19/5
CVE-2018-11761 (In Apache Tika 0.1 to 1.18, the XML parsers were not configured to ...)
- - tika <unfixed>
+ - tika 1.20-1
[jessie] - tika <ignored> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2018/09/19/4
NOTE: When fixing this issue the fix needs to be made complete to not open
@@ -46532,7 +46532,7 @@ CVE-2018-8019 (When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16
CVE-2018-8018 (In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization ...)
NOT-FOR-US: Apache Ignite
CVE-2018-8017 (In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an ...)
- - tika <unfixed> (bug #914643)
+ - tika 1.20-1 (bug #914643)
[jessie] - tika <ignored> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2018/09/19/6
CVE-2018-8016 (The default configuration in Apache Cassandra 3.8 through 3.11.1 binds ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1ae8b9b0f61efd0313f1a62e56f97a2d25fdb20e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1ae8b9b0f61efd0313f1a62e56f97a2d25fdb20e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190122/3bfc94dd/attachment.html>
More information about the debian-security-tracker-commits
mailing list