Hello, I pushed a security report for commons fileupload (incl. the 3 CVEs I could find).
http://svn.apache.org/viewvc?rev=1750857&view=rev Please somebody have a look and publish the site (I dont trust my tooling with this). After the push it needs to be linked from the commons-security page as well. Gruss Bernd Am Thu, 30 Jun 2016 10:46:12 +0000 schrieb Benedikt Ritter <brit...@apache.org>: > We still need to create a security site. Commons Compress can be used > as an example for this. I don't have time to do it right now. > > Benedikt > > Benedikt Ritter <brit...@apache.org> schrieb am Do., 30. Juni 2016 um > 12:41 Uhr: > > > Hello Bernd, > > > > I've fixed this in revision 14202 in the dist area. Does this work > > for you? > > > > Benedikt > > > > Bernd <e...@zusammenkunft.net> schrieb am Di., 28. Juni 2016 um > > 13:38 Uhr: > > > >> Hello, > >> > >> I was trying to come up with a Victims-cve-db entry for > >> CVE-2016-3092 and I > >> noticed a few odd things ( > >> https://github.com/victims/victims-cve-db/pull/47 > >> ): > >> > >> a) the original mail from Jochen did contain a link to a security > >> page but Commons FileUpload does not have one: > >> > >> > >> http://mail-archives.us.apache.org/mod_mbox/www-announce/201606.mbox/%3c45a20804-abff-4fed-a297-69ac95ab9...@apache.org%3E > >> > >> -> > >> https://commons.apache.org/proper/commons-fileupload/security.html > >> > >> b) the change for the release notes is only in trunk, not published > >> to the site or the archives. This makes it hard to link to a > >> definitive source. > >> > >> Gruss > >> Bernd > >> > > > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
