Author: veithen
Date: Wed Jul 21 16:45:14 2010
New Revision: 966308

URL: http://svn.apache.org/viewvc?rev=966308&view=rev
Log:
CVE-2010-1632: Updated the advisory with information about Axis 1.3 (received 
from Atlassian) and Geronimo 2.1.x.
Modified:
    axis/axis2/java/core/security/CVE-2010-1632.pdf
    axis/axis2/java/core/security/advisory-cve-2010-1632/src/docbkx/CVE-2010-1632.xml

Modified: axis/axis2/java/core/security/CVE-2010-1632.pdf
URL: http://svn.apache.org/viewvc/axis/axis2/java/core/security/CVE-2010-1632.pdf?rev=966308&r1=966307&r2=966308&view=diff
==============================================================================
Binary files - no diff available.

Modified: axis/axis2/java/core/security/advisory-cve-2010-1632/src/docbkx/CVE-2010-1632.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/core/security/advisory-cve-2010-1632/src/docbkx/CVE-2010-1632.xml?rev=966308&r1=966307&r2=966308&view=diff
==============================================================================
--- 
axis/axis2/java/core/security/advisory-cve-2010-1632/src/docbkx/CVE-2010-1632.xml
 (original)
+++ 
axis/axis2/java/core/security/advisory-cve-2010-1632/src/docbkx/CVE-2010-1632.xml
 Wed Jul 21 16:45:14 2010
@@ -27,7 +27,7 @@
             <surname>Veithen</surname>
             <email>veit...@apache.org</email>
         </author>
-        <releaseinfo>First version: May 16, 2010 • First published: June 13, 
2010 • Last updated: July 10, 2010</releaseinfo>
+        <releaseinfo>First version: May 16, 2010 • First published: June 13, 
2010 • Last updated: July 21, 2010</releaseinfo>
     </articleinfo>
     <section>
         <title>Description</title>
@@ -143,7 +143,10 @@
                     <para>
                         Axis2 is used by the Synapse, ODE, Tuscany and 
Geronimo projects
                         from the ASF. The vulnerability has been confirmed by 
the Geronimo
-                        project (see GERONIMO-5383 for more details). It is 
expected that
+                        project (see GERONIMO-5383 for more details). Specific 
instructions for
+                        for patching Geronimo 2.1.x are available at
+                        <ulink 
url="http://geronimo.apache.org/geronimo-21x-cve-2010-1632-patch-instructions.html"/>.
+                        It is expected that
                         all other projects in this list are vulnerable as well.
                     </para>
                 </listitem>
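Review bot: the added sentence in the Geronimo paragraph repeats a word, "Specific instructions for" ends one line and the next begins "for patching Geronimo 2.1.x", so the rendered advisory will read "instructions for for patching". Drop one "for". The paragraph still closes with "It is expected that all other projects in this list are vulnerable as well", which now sits after a Geronimo-specific patch link; consider stating that Synapse, ODE and Tuscany have no project-specific instructions yet, so readers of those projects do not assume the Geronimo steps apply to them.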
@@ -165,8 +168,9 @@
             <itemizedlist>
                 <listitem>
                     <para>
-                        Axis 1.4 is not vulnerable and immediately rejects any 
request
-                        containing a DOCTYPE declaration.
+                        Axis 1.3 and 1.4 are not vulnerable and immediately 
reject any request
+                        containing a DOCTYPE declaration. There is currently 
no information
+                        available for Axis 1.0, 1.1 and 1.2.
                     </para>
                 </listitem>
                 <listitem>
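Review bot: the new claim that Axis 1.3 is not vulnerable carries no source in the advisory text, while the log message says the information was received from Atlassian and the Geronimo paragraph cites GERONIMO-5383 for its confirmation. Consider adding how the 1.3 result was established (who reported it, or a reference readers can follow) so the statement can be verified the same way. The sentence about Axis 1.0, 1.1 and 1.2 says only that no information is available; a short recommendation for users of those versions, for example to treat them as untested rather than safe, would make the item actionable.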

