Date: Thu, 8 Jul 2010 12:28:49 -0400 (EDT)
From: "Rick McGuire (JIRA)"
To: dev@geronimo.apache.org
Subject: [jira] Updated: (GERONIMO-5383) CVE-2010-1632 and CVE-2010-2076: Axis2 and CXF HTTP binding enables DTD based XML attacks.

     [ https://issues.apache.org/jira/browse/GERONIMO-5383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rick McGuire updated GERONIMO-5383:
-----------------------------------
    Fix Version/s: 2.1.6
                       (was: 2.1.7)

> CVE-2010-1632 and CVE-2010-2076: Axis2 and CXF HTTP binding enables DTD based XML attacks.
> -------------------------------------------------------------------------------------------
>
>                 Key: GERONIMO-5383
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-5383
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public (Regular issues)
>          Components: webservices
>    Affects Versions: 2.1.5, 2.2
>            Reporter: Rick McGuire
>            Assignee: Rick McGuire
>            Priority: Critical
>             Fix For: 2.1.6, 2.2.1
>
>
> New versions of CXF and Axis2 are available containing some critical security fixes that need to be made available for Geronimo 2.1.x and 2.2.x. Details of the exposure can be found here:
> https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf
> https://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf