
List:       jakarta-commons-dev
Subject:    Re: [Fileupload] CVE security page and site distribution
From:       Bernd Eckenfels <ecki () zusammenkunft ! net>
Date:       2016-06-30 19:54:11
Message-ID: 20160630215411.00001a30.ecki () zusammenkunft ! net

Hello,

I pushed a security report for commons fileupload (incl. the 3 CVEs I
could find).

http://svn.apache.org/viewvc?rev=1750857&view=rev

Please somebody have a look and publish the site (I don't trust my
tooling with this). After the push it needs to be linked from the
commons-security page as well.

Regards
Bernd


On Thu, 30 Jun 2016 10:46:12 +0000,
Benedikt Ritter <britter@apache.org> wrote:

> We still need to create a security site. Commons Compress can be used
> as an example for this. I don't have time to do it right now.
> 
> Benedikt
> 
> Benedikt Ritter <britter@apache.org> wrote on Thu, 30 June 2016 at
> 12:41:
> 
> > Hello Bernd,
> > 
> > I've fixed this in revision 14202 in the dist area. Does this work
> > for you?
> > 
> > Benedikt
> > 
> > Bernd <ecki@zusammenkunft.net> wrote on Tue, 28 June 2016 at
> > 13:38:
> > 
> > > Hello,
> > > 
> > > I was trying to come up with a Victims-cve-db entry for
> > > CVE-2016-3092 and I noticed a few odd things
> > > (https://github.com/victims/victims-cve-db/pull/47):
> > > 
> > > a) the original mail from Jochen did contain a link to a security
> > > page but Commons FileUpload does not have one:
> > > 
> > > 
> > > http://mail-archives.us.apache.org/mod_mbox/www-announce/201606.mbox/%3C45A20804-ABFF-4FED-A297-69AC95AB9A3F@apache.org%3E
> > >  
> > > ->
> > > https://commons.apache.org/proper/commons-fileupload/security.html
> > > 
> > > b) the change for the release notes is only in trunk, not published
> > > to the site or the archives. This makes it hard to link to a
> > > definitive source.
> > > 
> > > Regards
> > > Bernd
> > > 
> > 
> 
