From 30f21f0169f2078cdcd03626327bff05875e6948 Mon Sep 17 00:00:00 2001 From: Krzysztof Opasiak Date: Wed, 3 Jun 2020 21:24:09 +0200 Subject: Update security advisories with issues fixed in F release Issue-ID: SECCOM-266 Signed-off-by: Krzysztof Opasiak Change-Id: I4577d0dba336689e62a3d0ea54719e6b257f3fa3 --- docs/index.rst | 2 +- osa/OSA-2019-002.rst | 2 +- osa/OSA-2019-010.rst | 2 +- osa/OSA-2019-011.rst | 2 +- osa/OSA-2019-012.rst | 2 +- osa/OSA-2019-013.rst | 2 +- osa/OSA-2019-014.rst | 2 +- osa/OSA-2019-015.rst | 4 ++-- osa/OSA-2019-018.rst | 4 ++-- osa/OSA-2019-021.rst | 2 +- osa/OSA-2019-022.rst | 4 ++-- osa/OSA-2019-023.rst | 4 ++-- 12 files changed, 16 insertions(+), 16 deletions(-) diff --git a/docs/index.rst b/docs/index.rst index 6510992..d9ac121 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -24,7 +24,7 @@ To get more details about our vulnerability management process or learn about al ONAP Security Advisories (OSA) ------------------------------ -You can find the complete list of published advisories here: +You can find the up to date list of published advisories here: .. toctree:: :maxdepth: 1 diff --git a/osa/OSA-2019-002.rst b/osa/OSA-2019-002.rst index 6e47ff8..13a3d24 100644 --- a/osa/OSA-2019-002.rst +++ b/osa/OSA-2019-002.rst @@ -26,7 +26,7 @@ Jakub Botwicz from Samsung reported a vulnerability in ONAP APPC. By providing a Patches ------- -No patch for this vulnerability has been proposed yet. +* `90244 `_ Credits ------- diff --git a/osa/OSA-2019-010.rst b/osa/OSA-2019-010.rst index b3024b1..e0a1e69 100644 --- a/osa/OSA-2019-010.rst +++ b/osa/OSA-2019-010.rst @@ -26,7 +26,7 @@ Radosław Żeszczuk from Samsung reported vulnerability in SDC. By accessing por Patches ------- -No patch for this vulnerability has been proposed yet. +* `94802 `_ Credits ------- diff --git a/osa/OSA-2019-011.rst b/osa/OSA-2019-011.rst index 25f130a..c89f81d 100644 --- a/osa/OSA-2019-011.rst +++ b/osa/OSA-2019-011.rst @@ -26,7 +26,7 @@ Radosław Żeszczuk from Samsung reported vulnerability in SDC. By accessing por Patches ------- -No patch for this vulnerability has been proposed yet. +* `94808 `_ Credits ------- diff --git a/osa/OSA-2019-012.rst b/osa/OSA-2019-012.rst index 3d66a85..1618b77 100644 --- a/osa/OSA-2019-012.rst +++ b/osa/OSA-2019-012.rst @@ -26,7 +26,7 @@ Radosław Żeszczuk from Samsung reported vulnerability in SDC. By accessing por Patches ------- -No patch for this vulnerability has been proposed yet. +* `94807 `_ Credits ------- diff --git a/osa/OSA-2019-013.rst b/osa/OSA-2019-013.rst index 6252158..2b36742 100644 --- a/osa/OSA-2019-013.rst +++ b/osa/OSA-2019-013.rst @@ -26,7 +26,7 @@ Radosław Żeszczuk from Samsung reported vulnerability in SDC. By accessing por Patches ------- -No patch for this vulnerability has been proposed yet. +* `94801 `_ Credits ------- diff --git a/osa/OSA-2019-014.rst b/osa/OSA-2019-014.rst index dc291f4..5593fd6 100644 --- a/osa/OSA-2019-014.rst +++ b/osa/OSA-2019-014.rst @@ -26,7 +26,7 @@ Radosław Żeszczuk from Samsung reported vulnerability in SDC. By accessing por Patches ------- -No patch for this vulnerability has been proposed yet. +* `94806 `_ Credits ------- diff --git a/osa/OSA-2019-015.rst b/osa/OSA-2019-015.rst index 0cca199..61ccd18 100644 --- a/osa/OSA-2019-015.rst +++ b/osa/OSA-2019-015.rst @@ -16,7 +16,7 @@ OSA-2019-016: VNFSDK exposes JDWP port on localhost which allows to gain root pr Affects ------- -* VNFSDK: Dublin and earlier +* VNFSDK: El Alto and earlier Description ----------- @@ -26,7 +26,7 @@ Radosław Żeszczuk from Samsung reported vulnerability in VNFSDK. By accessing Patches ------- -No patch for this vulnerability has been proposed yet. +* `104335 `_ Credits ------- diff --git a/osa/OSA-2019-018.rst b/osa/OSA-2019-018.rst index 00ce804..aec158e 100644 --- a/osa/OSA-2019-018.rst +++ b/osa/OSA-2019-018.rst @@ -16,7 +16,7 @@ OSA-2019-018: SQL Injections in Portal Affects ------- -* Portal: Dublin and earlier +* Portal: El Alto and earlier Description ----------- @@ -26,7 +26,7 @@ Jakub Botwicz and Łukasz Wrochna from Samsung reported a number of vulnerabilit Patches ------- -No patch for this vulnerability has been proposed yet (work in progress). +Issue fixed with major ONAP Portal rework in Frankfurt. Credits ------- diff --git a/osa/OSA-2019-021.rst b/osa/OSA-2019-021.rst index 8d15e14..f258413 100644 --- a/osa/OSA-2019-021.rst +++ b/osa/OSA-2019-021.rst @@ -26,7 +26,7 @@ akub Botwicz, Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Sams Patches ------- -No patch for this vulnerability has been proposed yet. +* `95524 `_ Credits ------- diff --git a/osa/OSA-2019-022.rst b/osa/OSA-2019-022.rst index 80871f2..7af3eda 100644 --- a/osa/OSA-2019-022.rst +++ b/osa/OSA-2019-022.rst @@ -16,7 +16,7 @@ OSA-2019-022: Unprotected APIs/UIs exposed in OOM project Affects ------- -* OOM: Dublin and earlier +* OOM: El Alto and earlier Description ----------- @@ -26,7 +26,7 @@ Jakub Botwicz, Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Sam Patches ------- -No patch for this vulnerability has been proposed yet. +* `102737 `_ Credits ------- diff --git a/osa/OSA-2019-023.rst b/osa/OSA-2019-023.rst index a38307f..b85459c 100644 --- a/osa/OSA-2019-023.rst +++ b/osa/OSA-2019-023.rst @@ -16,7 +16,7 @@ OSA-2019-023: Unprotected APIs/UIs exposed in SO project Affects ------- -* SO: Dublin and earlier +* SO: El Alto and earlier Description ----------- @@ -26,7 +26,7 @@ Jakub Botwicz, Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Sam Patches ------- -No patch for this vulnerability has been proposed yet. +Fix required several patches. More details can be found in `OJSI-203 `_ Credits ------- -- cgit 1.2.3-korg