diff options
| author | John Korsnes <johnkors@gmail.com> | 2019-01-09 19:13:04 +0300 |
|---|---|---|
| committer | Karel Zikmund <karelz@microsoft.com> | 2019-01-09 19:13:04 +0300 |
| commit | fe04ad9ed048288b5e44e5eb307145d0302337d7 (patch) | |
| tree | 877d6f48c2b42c678db166fa6d04cba35e21eb6a | |
| parent | 877be50ed1f01f425351a9cc36efe6a149ce59de (diff) | |
| -rw-r--r-- | release-notes/2.2/2.2.1/2.2.1.md | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/release-notes/2.2/2.2.1/2.2.1.md b/release-notes/2.2/2.2.1/2.2.1.md index 7369e861..fee885fe 100644 --- a/release-notes/2.2/2.2.1/2.2.1.md +++ b/release-notes/2.2/2.2.1/2.2.1.md @@ -51,7 +51,7 @@ The following OS versions have changed support status since our last release: All fixes of note can be seen in the [2.2.1 commits](2.2.1-commits.md) list. -* ### [CVE-2019-0545: .NET Core Information Disclosure Vulnerability](https://github.com/dotnet/Announcements/issues/XX) +* ### [CVE-2019-0545: .NET Core Information Disclosure Vulnerability](https://github.com/dotnet/Announcements/issues/94) The security update addresses the vulnerability by enforcing Cross-origin Resource Sharing (CORS) configuration to prevent its bypass in .NET Core 2.1 and 2.2. An attacker who successfully exploited the vulnerability could retrieve content, that is normally restricted, from a web application. @@ -61,7 +61,7 @@ All fixes of note can be seen in the [2.2.1 commits](2.2.1-commits.md) list. ------------ | ------------------- | ------------------------- System.Net.Http | 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4 | 4.3.5 -* ### [CVE-2019-0548: ASP.NET Core Denial Of Service Vulnerability](https://github.com/dotnet/Announcements/issues/XX) +* ### [CVE-2019-0548: ASP.NET Core Denial Of Service Vulnerability](https://github.com/aspnet/Announcements/issues/335) This security vulnerability exists in ASP.NET Core 1.0, 1.1, 2.1 and 2.2. If an application is hosted on Internet Information Server (IIS) a remote unauthenticated attacker can use a specially crafted request to cause a Denial of Service. @@ -71,7 +71,7 @@ All fixes of note can be seen in the [2.2.1 commits](2.2.1-commits.md) list. ------------ | ------------------- | ------------------------- AspNetCoreModule (ANCM) | Prior to 12.2.18346.0 | >=12.2.18346.0 -* ### [CVE-2019-0564: ASP.NET Core Denial Of Service Vulnerability](https://github.com/dotnet/Announcements/issues/XX) +* ### [CVE-2019-0564: ASP.NET Core Denial Of Service Vulnerability](https://github.com/aspnet/Announcements/issues/334) This security vulnerability exists when ASP.NET Core 2.1 and 2.2 improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. |