Bernd Eckenfels <e...@zusammenkunft.net> wrote on Thu, 30 June 2016 at 21:52:

> Hello,
>
> I pushed a security report for commons fileupload (incl. the 3 CVEs I
> could find).
>
> http://svn.apache.org/viewvc?rev=1750857&view=rev
>
> Please somebody have a look and publish the site (I don't trust my
> tooling with this). After the push it needs to be linked from the
> commons-security page as well.

done.

> Regards
> Bernd
>
>
> On Thu, 30 Jun 2016 10:46:12 +0000
> Benedikt Ritter <brit...@apache.org> wrote:
>
> > We still need to create a security site. Commons Compress can be used
> > as an example for this. I don't have time to do it right now.
> >
> > Benedikt
> >
> > Benedikt Ritter <brit...@apache.org> wrote on Thu, 30 June 2016 at
> > 12:41:
> >
> > > Hello Bernd,
> > >
> > > I've fixed this in revision 14202 in the dist area. Does this work
> > > for you?
> > >
> > > Benedikt
> > >
> > > Bernd <e...@zusammenkunft.net> wrote on Tue, 28 June 2016 at
> > > 13:38:
> > >
> > >> Hello,
> > >>
> > >> I was trying to come up with a Victims-cve-db entry for
> > >> CVE-2016-3092 and I noticed a few odd things
> > >> (https://github.com/victims/victims-cve-db/pull/47):
> > >>
> > >> a) the original mail from Jochen did contain a link to a security
> > >> page but Commons FileUpload does not have one:
> > >>
> > >> http://mail-archives.us.apache.org/mod_mbox/www-announce/201606.mbox/%3c45a20804-abff-4fed-a297-69ac95ab9...@apache.org%3E
> > >>
> > >> ->
> > >> https://commons.apache.org/proper/commons-fileupload/security.html
> > >>
> > >> b) the change for the release notes is only in trunk, not published
> > >> to the site or the archives. This makes it hard to link to a
> > >> definitive source.
> > >>
> > >> Regards
> > >> Bernd