From db89a13e3f7b256254a8131dea5595596f170a17 Mon Sep 17 00:00:00 2001 From: "Kraemer, Benjamin" Date: Thu, 29 Feb 2024 10:27:40 +0100 Subject: [PATCH 1/2] Add february updates --- release-notes/6.0/cve.md | 3 +++ release-notes/7.0/cve.md | 3 +++ release-notes/8.0/cve.md | 3 +++ 3 files changed, 9 insertions(+) diff --git a/release-notes/6.0/cve.md b/release-notes/6.0/cve.md index 64f4d2eed1..114ea9df3d 100644 --- a/release-notes/6.0/cve.md +++ b/release-notes/6.0/cve.md @@ -8,6 +8,9 @@ Your app needs to be on the latest .NET 6 patch version to be secure. The longer Your app may be vulnerable to the following published security [CVEs](https://www.cve.org/) if you are using an older .NET 6 patch version. +- 6.0.27 (February 2024) + - [CVE-2024-21386 | .NET Denial of Service Vulnerability](https://github.com/dotnet/announcements/issues/295) + - [CVE-2024-21404 | .NET Denial of Service Vulnerability](https://github.com/dotnet/announcements/issues/296) - 6.0.26 (January 2024) - [CVE-2024-0056](https://github.com/dotnet/announcements/issues/292) | .NET Information Disclosure Vulnerability - [CVE-2024-0057 | .NET Security Feature Bypass Vulnerability](https://github.com/dotnet/announcements/issues/291) diff --git a/release-notes/7.0/cve.md b/release-notes/7.0/cve.md index 9dd6dcf0e1..fa930d2ac2 100644 --- a/release-notes/7.0/cve.md +++ b/release-notes/7.0/cve.md @@ -8,6 +8,9 @@ Your app needs to be on the latest .NET 7 patch version to be secure. The longer Your app may be vulnerable to the following published security [CVEs](https://www.cve.org/) if you are using the given version or older. +- 7.0.16 (February 2024) + - [CVE-2024-21386 | .NET Denial of Service Vulnerability](https://github.com/dotnet/announcements/issues/295) + - [CVE-2024-21404 | .NET Denial of Service Vulnerability](https://github.com/dotnet/announcements/issues/296) - 7.0.15 (January 2024) - [CVE-2024-0056 | .NET Information Disclosure Vulnerability](https://github.com/dotnet/announcements/issues/292) - [CVE-2024-0057 | .NET Security Feature Bypass Vulnerability](https://github.com/dotnet/announcements/issues/291) diff --git a/release-notes/8.0/cve.md b/release-notes/8.0/cve.md index c13ba42a0e..01977f1cf1 100644 --- a/release-notes/8.0/cve.md +++ b/release-notes/8.0/cve.md @@ -7,6 +7,9 @@ Your app needs to be on the latest .NET 8 patch version to be secure. The longer ## Which CVEs apply to my app? Your app may be vulnerable to the following published security [CVEs](https://www.cve.org/) if you are using the given version or older. +- 8.0.2 (February 2024) + - [CVE-2024-21386 | .NET Denial of Service Vulnerability](https://github.com/dotnet/announcements/issues/295) + - [CVE-2024-21404 | .NET Denial of Service Vulnerability](https://github.com/dotnet/announcements/issues/296) - 8.0.1 (January 2024) - [CVE-2024-0056 | .NET Information Disclosure Vulnerability](https://github.com/dotnet/announcements/issues/292) - [CVE-2024-0057 | .NET Security Feature Bypass Vulnerability](https://github.com/dotnet/announcements/issues/291) From a5818470ec797fc30e26a99c8fb24a55a33de2f9 Mon Sep 17 00:00:00 2001 From: "Kraemer, Benjamin" Date: Thu, 29 Feb 2024 10:30:22 +0100 Subject: [PATCH 2/2] Minor form fix --- release-notes/6.0/cve.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/release-notes/6.0/cve.md b/release-notes/6.0/cve.md index 114ea9df3d..18f2f90deb 100644 --- a/release-notes/6.0/cve.md +++ b/release-notes/6.0/cve.md @@ -12,7 +12,7 @@ Your app may be vulnerable to the following published security [CVEs](https://ww - [CVE-2024-21386 | .NET Denial of Service Vulnerability](https://github.com/dotnet/announcements/issues/295) - [CVE-2024-21404 | .NET Denial of Service Vulnerability](https://github.com/dotnet/announcements/issues/296) - 6.0.26 (January 2024) - - [CVE-2024-0056](https://github.com/dotnet/announcements/issues/292) | .NET Information Disclosure Vulnerability + - [CVE-2024-0056 | .NET Information Disclosure Vulnerability](https://github.com/dotnet/announcements/issues/292) - [CVE-2024-0057 | .NET Security Feature Bypass Vulnerability](https://github.com/dotnet/announcements/issues/291) - [CVE-2024-21319 | .NET Denial of Service Vulnerability](https://github.com/dotnet/announcements/issues/290) - 6.0.25 (November 2023)