Merge branch 'master' of https://github.com/dotnet/core into may-rel

release-notes/1.0/releases.json

@@ -1199,6 +1199,10 @@
         {
           "cve-id": "CVE-2018-0875",
           "cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0875"
+        },
+        {
+          "cve-id": "CVE-2018-0808",
+          "cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0808"
         }
       ],
       "release-notes": "https://github.com/dotnet/core/blob/master/release-notes/1.0/1.0.10.md",
@@ -1586,8 +1590,13 @@
     {
       "release-date": "2017-09-21",
       "release-version": "1.0.7",
-      "security": false,
-      "cve-list": null,
+      "security": true,
+      "cve-list": [
+        {
+          "cve-id": "CVE-2017-8585",
+          "cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8585"
+        }
+      ],
       "release-notes": "https://github.com/dotnet/core/blob/master/release-notes/1.0/1.0.7.md",
       "runtime": {
         "version": "1.0.7",

release-notes/1.1/releases.json

@@ -1404,6 +1404,10 @@
         {
           "cve-id": "CVE-2018-0875",
           "cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0875"
+        },
+        {
+          "cve-id": "CVE-2018-0808",
+          "cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0808"
         }
       ],
       "release-notes": "https://github.com/dotnet/core/blob/master/release-notes/1.1/1.1.7.md",
@@ -1879,8 +1883,13 @@
     {
       "release-date": "2017-09-21",
       "release-version": "1.1.4",
-      "security": false,
-      "cve-list": null,
+      "security": true,
+      "cve-list": [
+        {
+          "cve-id": "CVE-2017-8585",
+          "cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8585"
+        }
+      ],
       "release-notes": "https://github.com/dotnet/core/blob/master/release-notes/1.1/1.1.4.md",
       "runtime": {
         "version": null,

release-notes/2.0/releases.json

@@ -890,6 +890,10 @@
           {
             "cve-id": "CVE-2018-0875",
             "cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0875"
+          },
+          {
+            "cve-id": "CVE-2018-0808",
+            "cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0808"
           }
         ],
       "release-notes": "https://github.com/dotnet/core/blob/master/release-notes/2.0/2.0.6.md",
@@ -1151,12 +1155,12 @@
       "security": true,
       "cve-list": [
           {
-            "cve-id": "CVE-2018-0786",
-            "cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0786"
+            "cve-id": "CVE-2018-0787",
+            "cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0787"
           },
           {
-            "cve-id": "CVE-2018-0764",
-            "cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0764"
+            "cve-id": "CVE-2018-0786",
+            "cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0786"
           },
           {
             "cve-id": "CVE-2018-0785",
@@ -1165,6 +1169,10 @@
           {
             "cve-id": "CVE-2018-0784",
             "cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0784"
+          },
+          {
+            "cve-id": "CVE-2018-0764",
+            "cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0764"
           }
         ],
       "release-notes": null,
@@ -1597,7 +1605,7 @@
       "release-date": "2017-11-14",
       "release-version": "2.0.3",
       "security": true,
-      "cve-list": [
+      "cve-list": [          
           {
             "cve-id": "CVE-2017-8700",
             "cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8700"

release-notes/2.1/2.1.10/2.1.10.md

@@ -59,7 +59,16 @@ See [.NET Core Supported OS Lifecycle Policy](https://github.com/dotnet/core/blo
 
 .NET Core 2.1.10 release carries both security and non-security fixes.
 
+### Microsoft Security Advisory CVE-2019-0815: ASP.NET Core denial of service vulnerability
 
+#### Executive Summary
+
+Microsoft is releasing this security advisory to provide information about a vulnerability in public ASP.NET Core 2.2. This advisory also provides guidance on what developers can do to update their applications correctly.
+Microsoft is aware of a security vulnerability in all public versions of ASP.NET Core where, if an application is hosted on Internet Information Server (IIS) a remote unauthenticated attacker can use a specially crafted request can cause a Denial of Service. The security update addresses the vulnerability by ensuring the IIS worker process does not crash in response to specially crafted requests.
+
+#### Discussion
+
+Discussion for this issue can be found at https://github.com/aspnet/AspNetCore/issues/9205
 
 ### Additional fixes in this release
 

release-notes/2.1/releases.json

@@ -2580,8 +2580,13 @@
     {
       "release-date": "2018-09-11",
       "release-version": "2.1.4",
-      "security": false,
-      "cve-list": null,
+      "security": true,
+      "cve-list": [
+        {
+          "cve-id": "CVE-2018-8409",
+          "cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8409"
+        }
+      ],
       "release-notes": "https://github.com/dotnet/core/blob/master/release-notes/2.1/2.1.4/2.1.4.md",
       "runtime": {
         "version": "2.1.4",