This is an automated email from the ASF dual-hosted git repository.
acosentino pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-website.git
The following commit(s) were added to refs/heads/main by this push:
new f17b4218 Retracting CVE-2022-45046
f17b4218 is described below
commit f17b4218d88edd585d129d5171f7292c525caea9
Author: Andrea Cosentino <[email protected]>
AuthorDate: Thu Dec 15 13:16:00 2022 +0100
Retracting CVE-2022-45046
Signed-off-by: Andrea Cosentino <[email protected]>
---
content/security/CVE-2022-45046.md | 4 +++-
content/security/CVE-2022-45046.txt.asc | 20 +++++++++++---------
2 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/content/security/CVE-2022-45046.md
b/content/security/CVE-2022-45046.md
index 3d1ecf7e..704a2e26 100644
--- a/content/security/CVE-2022-45046.md
+++ b/content/security/CVE-2022-45046.md
@@ -1,5 +1,5 @@
---
-title: "Apache Camel Security Advisory - CVE-2022-45046"
+title: "Apache Camel Security Advisory - CVE-2022-45046 (Retracted)"
date: 2022-12-05T08:47:42+02:00
url: /security/CVE-2022-45046.html
draft: false
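Review bot: The `date:` front matter in this hunk stays at 2022-12-05T08:47:42+02:00 while the title gains "(Retracted)", so the header does not show when the retraction was made. Consider stating the retraction date in the body text so readers can tell the original publication from the retraction.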
@@ -17,3 +17,5 @@ fixed: 3.14.6, 3.18.4
The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-186906 refers to
the various commits that resovoled the issue, and have more details.
The camel-spring-ldap component is not affected. Users could use move to the
Camel-Spring-Ldap component.
+The security vulnerability after further analysis is a false alarm (no
security risk) and this CVE is retracted.
+
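Review bot: The retraction sentence is appended after the unchanged advice "Users could use move to the Camel-Spring-Ldap component", and the hunk header still shows `fixed: 3.14.6, 3.18.4`, so the page reads as an active advisory until its last line. Suggest moving the retraction notice to the top of the body and saying whether the migration advice and fixed versions still matter to users. The added sentence would read more clearly as "After further analysis, this report is a false alarm (no security risk) and this CVE is retracted.", and the context lines carry "resovoled" and "could use move to", which could be fixed in the same pass.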
diff --git a/content/security/CVE-2022-45046.txt.asc
b/content/security/CVE-2022-45046.txt.asc
index 562c272e..abbb4c22 100644
--- a/content/security/CVE-2022-45046.txt.asc
+++ b/content/security/CVE-2022-45046.txt.asc
@@ -1,7 +1,7 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
-CVE-2022-45046: LDAP Injection in camel-ldap
+CVE-2022-45046: LDAP Injection in camel-ldap (Retracted)
Severity: MEDIUM
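Review bot: `Severity: MEDIUM` remains as unchanged context directly under the title that now reads "(Retracted)". An advisory that is retracted as having no security risk should not still advertise a severity rating; suggest removing the line or marking it as the original rating before the text is re-signed.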
@@ -19,14 +19,16 @@ refers to the various commits that resovoled the issue, and
have more details.
Credit: This issue was discovered by 4ra1n from Chaitin Tech
The camel-spring-ldap component is not affected. Users could use move to the
Camel-Spring-Ldap component.
+
+The security vulnerability after further analysis is a false alarm (no
security risk) and this CVE is retracted.
-----BEGIN PGP SIGNATURE-----
-iQEzBAEBCAAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmOO/TUACgkQ406fOAL/
-QQCI9Qf/UOzWWKhXNc+KPR4GyiQ3aKbXgA0TiEFiAYWfsH/bGrw7Urmze99ad1Id
-gcp6Ejfe+vjNFw3TR4wdwvvyH+PKUx5CvZOKCy4GfB4n+1MPxItqecOoz98erbhD
-SyuLCRo9r2AV86FUQJVYykTQLWEKc6SJJEQcPGNWRzx/VkNDtf81Pkdwwl8HNFmI
-xL6E1yfYEzfBvkiyqODCcyosWD9/KdqdJeE/pXsQrsnRF015f4aoQVm33yqw8zjT
-ochip7dTRdkXjwRVFa3kyyigL8tTTJOO0/VAIT0uEwsoIU8QYe0FLhZzHQbOGlyS
-zC8yC9QREaSBIG3ALpyuSp6YDIZNLg==
-=imPt
+iQEzBAEBCAAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmObGwUACgkQ406fOAL/
+QQDo6gf6A4nmp8h/Romt1GRR24aPkizqXBEH7iEk8DSF35IePwGfvRsBAV472dP1
+U/QrhmOpRgiLSYwXkahlZZn9yU2oeBrcjwiIbPBNmjYOwIhRaYib5yasJagsp1mh
+roK1OQZc9ke3KccJtguTc8cwaV7S3YBzw8E6V4XuoPmFA69IdL0YEOjkgfNI9Csw
+4YfL/mF8k2xLfqMeuMk0buShxW9bVDW6V3sAF3hG+QTGI1J/11z515vVU0frXB5f
+l64+qnaBpG+vpeL/vJamzsRMNaslcj19rgQ5jwHZyD4sgiooHJJZsFUJFdHpV8Pa
+3IZ5eFBti+VU0x2BqipaW0w4RAqb4A==
+=Ppzl
-----END PGP SIGNATURE-----
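Review bot: The signature block is replaced in full because the signed cleartext changed, but nothing in the diff confirms that the new signature matches the new text. Please confirm that `gpg --verify` succeeds on the committed CVE-2022-45046.txt.asc with the signer's published key before this goes live, since any later whitespace or wording fix to the cleartext will invalidate the signature again.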