Justin, Could this note be added to the 0.18 release notes for the C++ broker?
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Mark J Cox Sent: Thursday, August 30, 2012 5:28 AM To: Steve Huston Cc: [email protected]; [email protected] Subject: Re: QPID-3849 If you are in agreement it's a security vulnerability It would definitely be worth stating that you fixed this in the 0.18 release. Usually when you announce 0.18 you'd mention the CVE at that time. Use CVE-2012-3550 Thanks, Mark On Fri, Jul 27, 2012 at 2:21 PM, Steve Huston <[email protected]> wrote: > Hi Mark, > > Thank you for contacting us. The bug was resolved and will be included > in the 0.18 release which is in progress now. > > Should we issue a CVE for prior versions? What's the process for that? > > -Steve Huston > > On 7/27/12 5:07 AM, "Mark J Cox" <[email protected]> wrote: > >>Hi QPID folks; one of my team pointed me to >>https://issues.apache.org/jira/browse/QPID-3849 which appears to be a >>security issue. Are you dealing with it as a security issue and going >>to provide a security update/advisory? I can give you a CVE name for >>this issue if so, just let me know. >> >>Cheers, Mark >>ASF Security Team > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] For additional > commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
