Hello, I pushed a security report for commons fileupload (incl. the 3 CVEs I could find).
http://svn.apache.org/viewvc?rev=1750857&view=rev Please somebody have a look and publish the site (I dont trust my tooling with this). After the push it needs to be linked from the commons-security page as well. Gruss Bernd Am Thu, 30 Jun 2016 10:46:12 +0000 schrieb Benedikt Ritter <[email protected]>: > We still need to create a security site. Commons Compress can be used > as an example for this. I don't have time to do it right now. > > Benedikt > > Benedikt Ritter <[email protected]> schrieb am Do., 30. Juni 2016 um > 12:41 Uhr: > > > Hello Bernd, > > > > I've fixed this in revision 14202 in the dist area. Does this work > > for you? > > > > Benedikt > > > > Bernd <[email protected]> schrieb am Di., 28. Juni 2016 um > > 13:38 Uhr: > > > >> Hello, > >> > >> I was trying to come up with a Victims-cve-db entry for > >> CVE-2016-3092 and I > >> noticed a few odd things ( > >> https://github.com/victims/victims-cve-db/pull/47 > >> ): > >> > >> a) the original mail from Jochen did contain a link to a security > >> page but Commons FileUpload does not have one: > >> > >> > >> http://mail-archives.us.apache.org/mod_mbox/www-announce/201606.mbox/%[email protected]%3E > >> > >> -> > >> https://commons.apache.org/proper/commons-fileupload/security.html > >> > >> b) the change for the release notes is only in trunk, not published > >> to the site or the archives. This makes it hard to link to a > >> definitive source. > >> > >> Gruss > >> Bernd > >> > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
