
List:       oss-security
Subject:    Re: [oss-security] CVE-2023-27602: Apache Linkis publicservice module unrestricted upload of file
From:       peacewong <peacewong () apache ! org>
Date:       2023-04-19 3:44:59
Message-ID: CADVnWi=n4kWTUoT6dqqSE6U2-6qrdzQL5EMprTVqdhW+k2i14Q () mail ! gmail ! com


Hi Seth Arnold,
    Thank you for your reply. I will modify the content according to the
process.

Best Regards,
Peace Wong

Seth Arnold <seth.arnold@canonical.com> wrote on Tue, Apr 18, 2023 at 09:27:

> On Mon, Apr 10, 2023 at 06:14:37AM +0000, Heping Wang wrote:
> > https://linkis.apache.org
> > https://www.cve.org/CVERecord?id=CVE-2023-27602
>
> Hello Heping, thanks for contacting the oss-security mail list about this
> security issue in an Apache project.
>
> I'd like to suggest that your email would be far more useful if
> it included some details like affected versions: ideally, when a
> vulnerability was introduced, and definitely, when it was fixed, if a
> fix is available. Best would be a direct link to a patch in a source
> control system, or attaching the patch directly.
>
> This particular email has very few details and no references for a fix so
> it is very difficult for anyone to take concrete actions.
>
> Here are two recent postings that are far easier for downstream distributors
> and consumers alike to use:
> https://www.openwall.com/lists/oss-security/2023/04/04/1
> https://www.openwall.com/lists/oss-security/2023/03/21/3
>
> I'd like to encourage Apache to use these as inspiration for future
> oss-security postings.
>
> Thanks
>
>

