[prev in list] [next in list] [prev in thread] [next in thread]
List: jakarta-commons-dev
Subject: Re: [Fileupload] CVE security page and site distribution
From: Bernd Eckenfels <ecki () zusammenkunft ! net>
Date: 2016-06-30 19:54:11
Message-ID: 20160630215411.00001a30.ecki () zusammenkunft ! net
[Download RAW message or body]
Hello,
I pushed a security report for commons fileupload (incl. the 3 CVEs I
could find).
http://svn.apache.org/viewvc?rev=1750857&view=rev
Please somebody have a look and publish the site (I dont trust my
tooling with this). After the push it needs to be linked from the
commons-security page as well.
Gruss
Bernd
Am Thu, 30 Jun 2016 10:46:12 +0000
schrieb Benedikt Ritter <britter@apache.org>:
> We still need to create a security site. Commons Compress can be used
> as an example for this. I don't have time to do it right now.
>
> Benedikt
>
> Benedikt Ritter <britter@apache.org> schrieb am Do., 30. Juni 2016 um
> 12:41 Uhr:
>
> > Hello Bernd,
> >
> > I've fixed this in revision 14202 in the dist area. Does this work
> > for you?
> >
> > Benedikt
> >
> > Bernd <ecki@zusammenkunft.net> schrieb am Di., 28. Juni 2016 um
> > 13:38 Uhr:
> >
> > > Hello,
> > >
> > > I was trying to come up with a Victims-cve-db entry for
> > > CVE-2016-3092 and I
> > > noticed a few odd things (
> > > https://github.com/victims/victims-cve-db/pull/47
> > > ):
> > >
> > > a) the original mail from Jochen did contain a link to a security
> > > page but Commons FileUpload does not have one:
> > >
> > >
> > > http://mail-archives.us.apache.org/mod_mbox/www-announce/201606.mbox/%3C45A20804-ABFF-4FED-A297-69AC95AB9A3F@apache.org%3E
> > >
> > > ->
> > > https://commons.apache.org/proper/commons-fileupload/security.html
> > >
> > > b) the change for the release notes is only in trunk, not published
> > > to the site or the archives. This makes it hard to link to a
> > > definitive source.
> > >
> > > Gruss
> > > Bernd
> > >
> >
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic