maxmustermann/dotnet-core
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/dotnet/core into may-rel

Browse source
This commit is contained in:
Vivek Mishra 2019-05-09 11:45:48 -07:00
parent c343b4d67f 36728df85e
commit d569b7943a
5 changed files with 51 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
release-notes/1.0/releases.json
View file

@ -1199,6 +1199,10 @@
{ {
"cve-id": "CVE-2018-0875", "cve-id": "CVE-2018-0875",
"cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0875" "cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0875"
},
{
"cve-id": "CVE-2018-0808",
"cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0808"
} }
], ],
"release-notes": "https://github.com/dotnet/core/blob/master/release-notes/1.0/1.0.10.md", "release-notes": "https://github.com/dotnet/core/blob/master/release-notes/1.0/1.0.10.md",
@ -1586,8 +1590,13 @@
{ {
"release-date": "2017-09-21", "release-date": "2017-09-21",
"release-version": "1.0.7", "release-version": "1.0.7",
"security": false, "security": true,
"cve-list": null, "cve-list": [
{
"cve-id": "CVE-2017-8585",
"cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8585"
}
],
"release-notes": "https://github.com/dotnet/core/blob/master/release-notes/1.0/1.0.7.md", "release-notes": "https://github.com/dotnet/core/blob/master/release-notes/1.0/1.0.7.md",
"runtime": { "runtime": {
"version": "1.0.7", "version": "1.0.7",

13
release-notes/1.1/releases.json
View file

@ -1404,6 +1404,10 @@
{ {
"cve-id": "CVE-2018-0875", "cve-id": "CVE-2018-0875",
"cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0875" "cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0875"
},
{
"cve-id": "CVE-2018-0808",
"cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0808"
} }
], ],
"release-notes": "https://github.com/dotnet/core/blob/master/release-notes/1.1/1.1.7.md", "release-notes": "https://github.com/dotnet/core/blob/master/release-notes/1.1/1.1.7.md",
@ -1879,8 +1883,13 @@
{ {
"release-date": "2017-09-21", "release-date": "2017-09-21",
"release-version": "1.1.4", "release-version": "1.1.4",
"security": false, "security": true,
"cve-list": null, "cve-list": [
{
"cve-id": "CVE-2017-8585",
"cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8585"
}
],
"release-notes": "https://github.com/dotnet/core/blob/master/release-notes/1.1/1.1.4.md", "release-notes": "https://github.com/dotnet/core/blob/master/release-notes/1.1/1.1.4.md",
"runtime": { "runtime": {
"version": null, "version": null,

16
release-notes/2.0/releases.json
View file

@ -890,6 +890,10 @@
{ {
"cve-id": "CVE-2018-0875", "cve-id": "CVE-2018-0875",
"cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0875" "cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0875"
},
{
"cve-id": "CVE-2018-0808",
"cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0808"
} }
], ],
"release-notes": "https://github.com/dotnet/core/blob/master/release-notes/2.0/2.0.6.md", "release-notes": "https://github.com/dotnet/core/blob/master/release-notes/2.0/2.0.6.md",
@ -1151,12 +1155,12 @@
"security": true, "security": true,
"cve-list": [ "cve-list": [
{ {
"cve-id": "CVE-2018-0786", "cve-id": "CVE-2018-0787",
"cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0786" "cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0787"
}, },
{ {
"cve-id": "CVE-2018-0764", "cve-id": "CVE-2018-0786",
"cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0764" "cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0786"
}, },
{ {
"cve-id": "CVE-2018-0785", "cve-id": "CVE-2018-0785",
@ -1165,6 +1169,10 @@
{ {
"cve-id": "CVE-2018-0784", "cve-id": "CVE-2018-0784",
"cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0784" "cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0784"
},
{
"cve-id": "CVE-2018-0764",
"cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0764"
} }
], ],
"release-notes": null, "release-notes": null,

9
release-notes/2.1/2.1.10/2.1.10.md
View file

@ -59,7 +59,16 @@ See [.NET Core Supported OS Lifecycle Policy](https://github.com/dotnet/core/blo
.NET Core 2.1.10 release carries both security and non-security fixes. .NET Core 2.1.10 release carries both security and non-security fixes.
### Microsoft Security Advisory CVE-2019-0815: ASP.NET Core denial of service vulnerability
#### Executive Summary
Microsoft is releasing this security advisory to provide information about a vulnerability in public ASP.NET Core 2.2. This advisory also provides guidance on what developers can do to update their applications correctly.
Microsoft is aware of a security vulnerability in all public versions of ASP.NET Core where, if an application is hosted on Internet Information Server (IIS) a remote unauthenticated attacker can use a specially crafted request can cause a Denial of Service. The security update addresses the vulnerability by ensuring the IIS worker process does not crash in response to specially crafted requests.
#### Discussion
Discussion for this issue can be found at https://github.com/aspnet/AspNetCore/issues/9205
### Additional fixes in this release ### Additional fixes in this release

9
release-notes/2.1/releases.json
View file

@ -2580,8 +2580,13 @@
{ {
"release-date": "2018-09-11", "release-date": "2018-09-11",
"release-version": "2.1.4", "release-version": "2.1.4",
"security": false, "security": true,
"cve-list": null, "cve-list": [
{
"cve-id": "CVE-2018-8409",
"cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8409"
}
],
"release-notes": "https://github.com/dotnet/core/blob/master/release-notes/2.1/2.1.4/2.1.4.md", "release-notes": "https://github.com/dotnet/core/blob/master/release-notes/2.1/2.1.4/2.1.4.md",
"runtime": { "runtime": {
"version": "2.1.4", "version": "2.1.4",