[
https://issues.apache.org/jira/browse/CONFIGURATION-818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17576192#comment-17576192
]
Gary D. Gregory commented on CONFIGURATION-818:
-----------------------------------------------
No, the links are useless (to me at least): "You (email=***@gmail.com) are not
authorized to access this page!" If I choose my GitHub account, it wants
personal information: "oss-fuzz login by oliverchang
wants to access your garydgregory account", so no.
You can create PRs on GitHub that demonstrate the problems if want to move this
through, so we can see what the deal is for each link.
> Stackoverflow bugs fixed in 2.8.0
> ---------------------------------
>
> Key: CONFIGURATION-818
> URL: https://issues.apache.org/jira/browse/CONFIGURATION-818
> Project: Commons Configuration
> Issue Type: Bug
> Affects Versions: 2.7
> Reporter: Henry Lin
> Priority: Major
> Labels: security
> Fix For: 2.8.0
>
>
> Dear Apache Commons Configuration maintainers,
> The Code Intelligence JVM fuzzer
> [Jazzer|https://github.com/CodeIntelligenceTesting/jazzer] has found multiple
> vulnerabilities in Apache Commons Configuration during a fuzzing run in
> [Google OSS-Fuzz|https://github.com/google/oss-fuzz]. The vulnerabilities
> were already fixed. Version <= 2.7 of Apache Commons Configuration is
> vulnerable.
> Detailed Information can be found here:
> [https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48737]
> [https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48610]
> [https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48522]
> [https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48391]
> [https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48195]
>
> Please let me know if you have any questions regarding fuzzing or the
> OSS-Fuzz integration.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
