Re: [Fileupload] CVE security page and site distribution

2016-07-01 Thread Jochen Wiedmann
On Fri, Jul 1, 2016 at 8:00 AM, Benedikt Ritter wrote: > Bernd Eckenfels schrieb am Do., 30. Juni 2016 um 21:52 Uhr: >> Please somebody have a look and publish the site (I dont trust my >> tooling with this). After the push it needs to be linked from

Re: [Fileupload] CVE security page and site distribution

2016-07-01 Thread Benedikt Ritter
Bernd Eckenfels schrieb am Do., 30. Juni 2016 um 21:52 Uhr: > Hello, > > I pushed a security report for commons fileupload (incl. the 3 CVEs I > could find). > > http://svn.apache.org/viewvc?rev=1750857=rev > > Please somebody have a look and publish the site (I dont

Re: [Fileupload] CVE security page and site distribution

2016-06-30 Thread Bernd Eckenfels
Hello, I pushed a security report for commons fileupload (incl. the 3 CVEs I could find). http://svn.apache.org/viewvc?rev=1750857=rev Please somebody have a look and publish the site (I dont trust my tooling with this). After the push it needs to be linked from the commons-security page as

Re: [Fileupload] CVE security page and site distribution

2016-06-30 Thread Benedikt Ritter
We still need to create a security site. Commons Compress can be used as an example for this. I don't have time to do it right now. Benedikt Benedikt Ritter schrieb am Do., 30. Juni 2016 um 12:41 Uhr: > Hello Bernd, > > I've fixed this in revision 14202 in the dist area.

Re: [Fileupload] CVE security page and site distribution

2016-06-30 Thread Benedikt Ritter
Hello Bernd, I've fixed this in revision 14202 in the dist area. Does this work for you? Benedikt Bernd schrieb am Di., 28. Juni 2016 um 13:38 Uhr: > Hello, > > I was trying to come up with a Victims-cve-db entry for CVE-2016-3092 and I > noticed a few odd things ( >

[Fileupload] CVE security page and site distribution

2016-06-28 Thread Bernd
Hello, I was trying to come up with a Victims-cve-db entry for CVE-2016-3092 and I noticed a few odd things (https://github.com/victims/victims-cve-db/pull/47 ): a) the original mail from Jochen did contain a link to a security page but Commons FileUpload does not have one: