Merge branch 'master' of https://github.com/dotnet/core into may-rel
This commit is contained in:
commit
d569b7943a
|
@ -1199,6 +1199,10 @@
|
|||
{
|
||||
"cve-id": "CVE-2018-0875",
|
||||
"cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0875"
|
||||
},
|
||||
{
|
||||
"cve-id": "CVE-2018-0808",
|
||||
"cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0808"
|
||||
}
|
||||
],
|
||||
"release-notes": "https://github.com/dotnet/core/blob/master/release-notes/1.0/1.0.10.md",
|
||||
|
@ -1586,8 +1590,13 @@
|
|||
{
|
||||
"release-date": "2017-09-21",
|
||||
"release-version": "1.0.7",
|
||||
"security": false,
|
||||
"cve-list": null,
|
||||
"security": true,
|
||||
"cve-list": [
|
||||
{
|
||||
"cve-id": "CVE-2017-8585",
|
||||
"cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8585"
|
||||
}
|
||||
],
|
||||
"release-notes": "https://github.com/dotnet/core/blob/master/release-notes/1.0/1.0.7.md",
|
||||
"runtime": {
|
||||
"version": "1.0.7",
|
||||
|
|
|
@ -1404,6 +1404,10 @@
|
|||
{
|
||||
"cve-id": "CVE-2018-0875",
|
||||
"cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0875"
|
||||
},
|
||||
{
|
||||
"cve-id": "CVE-2018-0808",
|
||||
"cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0808"
|
||||
}
|
||||
],
|
||||
"release-notes": "https://github.com/dotnet/core/blob/master/release-notes/1.1/1.1.7.md",
|
||||
|
@ -1879,8 +1883,13 @@
|
|||
{
|
||||
"release-date": "2017-09-21",
|
||||
"release-version": "1.1.4",
|
||||
"security": false,
|
||||
"cve-list": null,
|
||||
"security": true,
|
||||
"cve-list": [
|
||||
{
|
||||
"cve-id": "CVE-2017-8585",
|
||||
"cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8585"
|
||||
}
|
||||
],
|
||||
"release-notes": "https://github.com/dotnet/core/blob/master/release-notes/1.1/1.1.4.md",
|
||||
"runtime": {
|
||||
"version": null,
|
||||
|
|
|
@ -890,6 +890,10 @@
|
|||
{
|
||||
"cve-id": "CVE-2018-0875",
|
||||
"cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0875"
|
||||
},
|
||||
{
|
||||
"cve-id": "CVE-2018-0808",
|
||||
"cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0808"
|
||||
}
|
||||
],
|
||||
"release-notes": "https://github.com/dotnet/core/blob/master/release-notes/2.0/2.0.6.md",
|
||||
|
@ -1151,12 +1155,12 @@
|
|||
"security": true,
|
||||
"cve-list": [
|
||||
{
|
||||
"cve-id": "CVE-2018-0786",
|
||||
"cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0786"
|
||||
"cve-id": "CVE-2018-0787",
|
||||
"cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0787"
|
||||
},
|
||||
{
|
||||
"cve-id": "CVE-2018-0764",
|
||||
"cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0764"
|
||||
"cve-id": "CVE-2018-0786",
|
||||
"cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0786"
|
||||
},
|
||||
{
|
||||
"cve-id": "CVE-2018-0785",
|
||||
|
@ -1165,6 +1169,10 @@
|
|||
{
|
||||
"cve-id": "CVE-2018-0784",
|
||||
"cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0784"
|
||||
},
|
||||
{
|
||||
"cve-id": "CVE-2018-0764",
|
||||
"cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0764"
|
||||
}
|
||||
],
|
||||
"release-notes": null,
|
||||
|
|
|
@ -59,7 +59,16 @@ See [.NET Core Supported OS Lifecycle Policy](https://github.com/dotnet/core/blo
|
|||
|
||||
.NET Core 2.1.10 release carries both security and non-security fixes.
|
||||
|
||||
### Microsoft Security Advisory CVE-2019-0815: ASP.NET Core denial of service vulnerability
|
||||
|
||||
#### Executive Summary
|
||||
|
||||
Microsoft is releasing this security advisory to provide information about a vulnerability in public ASP.NET Core 2.2. This advisory also provides guidance on what developers can do to update their applications correctly.
|
||||
Microsoft is aware of a security vulnerability in all public versions of ASP.NET Core where, if an application is hosted on Internet Information Server (IIS) a remote unauthenticated attacker can use a specially crafted request can cause a Denial of Service. The security update addresses the vulnerability by ensuring the IIS worker process does not crash in response to specially crafted requests.
|
||||
|
||||
#### Discussion
|
||||
|
||||
Discussion for this issue can be found at https://github.com/aspnet/AspNetCore/issues/9205
|
||||
|
||||
### Additional fixes in this release
|
||||
|
||||
|
|
|
@ -2580,8 +2580,13 @@
|
|||
{
|
||||
"release-date": "2018-09-11",
|
||||
"release-version": "2.1.4",
|
||||
"security": false,
|
||||
"cve-list": null,
|
||||
"security": true,
|
||||
"cve-list": [
|
||||
{
|
||||
"cve-id": "CVE-2018-8409",
|
||||
"cve-url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8409"
|
||||
}
|
||||
],
|
||||
"release-notes": "https://github.com/dotnet/core/blob/master/release-notes/2.1/2.1.4/2.1.4.md",
|
||||
"runtime": {
|
||||
"version": "2.1.4",
|
||||
|
|
Loading…
Reference in a new issue