FreeBSD Bugzilla – Attachment 176167 Details for
Bug 213791
security/vuxml: Document axis2 vulnerability
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
vuxml-axis2_20161025.patch
vuxml-axis2_20161025.patch (text/plain), 1.78 KB, created by
Danilo G. Baio
on 2016-10-26 00:30:39 UTC
(
hide
)
Description:
vuxml-axis2_20161025.patch
Filename:
MIME Type:
Creator:
Danilo G. Baio
Created:
2016-10-26 00:30:39 UTC
Size:
1.78 KB
patch
obsolete
>Index: vuln.xml >=================================================================== >--- vuln.xml (revision 424655) >+++ vuln.xml (working copy) >@@ -58,6 +58,41 @@ > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="ac18046c-9b08-11e6-8011-005056925db4"> >+ <topic>Axis2 -- Security vulnerabilities on dependency Apache HttpClient</topic> >+ <affects> >+ <package> >+ <name>axis2</name> >+ <range><lt>1.7.4</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Apache Axis2 reports:</p> >+ <blockquote cite="http://axis.apache.org/axis2/java/core/release-notes/1.7.4.html"> >+ <p>Apache Axis2 1.7.4 is a maintenance release that includes fixes for >+ several issues, including the following security issues: >+ Session fixation (AXIS2-4739) and XSS (AXIS2-5683) vulnerabilities >+ affecting the admin console. >+ A dependency on an Apache HttpClient version affected by known security >+ vulnerabilities (CVE-2012-6153 and CVE-2014-3577); see AXIS2-5757.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <url>http://axis.apache.org/axis2/java/core/release-notes/1.7.4.html</url> >+ <url>https://issues.apache.org/jira/browse/AXIS2-4739</url> >+ <url>https://issues.apache.org/jira/browse/AXIS2-5683</url> >+ <url>https://issues.apache.org/jira/browse/AXIS2-5757</url> >+ <cvename>CVE-2012-6153</cvename> >+ <cvename>CVE-2014-3577</cvename> >+ </references> >+ <dates> >+ <discovery>2012-12-06</discovery> >+ <entry>2016-10-25</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="a479a725-9adb-11e6-a298-14dae9d210b8"> > <topic>FreeBSD -- bhyve - privilege escalation vulnerability</topic> > <affects>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=176167">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 213791
: 176167