i just meant in the announcement/changelog.
-matt
On 12/5/07, Bernard Li <[EMAIL PROTECTED]> wrote:
>
> Hi Matt:
>
> On 12/5/07, Matt Massie <[EMAIL PROTECTED]> wrote:
>
> > make sure we credit "Romain Wartel" at CERN for discovering the
> > vulnerability and reporting it to us. thanks for pulli
Hi Matt:
On 12/5/07, Matt Massie <[EMAIL PROTECTED]> wrote:
> make sure we credit "Romain Wartel" at CERN for discovering the
> vulnerability and reporting it to us. thanks for pulling this together to
> push out!
How would you like to credit him? Perhaps via the AUTHORS file?
That file is a
make sure we credit "Romain Wartel" at CERN for discovering the
vulnerability and reporting it to us. thanks for pulling this together to
push out!
-matt
On 12/5/07, Bernard Li <[EMAIL PROTECTED]> wrote:
>
> Hi guys:
>
> On 12/5/07, Martin Knoblauch <[EMAIL PROTECTED]> wrote:
>
> > I tend to ag
Hi guys:
On 12/5/07, Martin Knoblauch <[EMAIL PROTECTED]> wrote:
> I tend to agree. Unless there is a critical functional bug in 3.0.5, we
> should just do
> a security release.
This will be a plan.
I will build 3.0.x snapshots with Alex's fixes shortly and post them
to the website.
Cheers,
- Original Message
> From: Brad Nicholes <[EMAIL PROTECTED]>
> To: Matt Massie <[EMAIL PROTECTED]>; Bernard Li <[EMAIL PROTECTED]>
> Cc: [email protected]
> Sent: Wednesday, December 5, 2007 10:59:42 PM
> Subject: Re: [Gangli
>>> On 12/5/2007 at 12:22 PM, in message
<[EMAIL PROTECTED]>, "Bernard Li"
<[EMAIL PROTECTED]> wrote:
> Hi guys:
>
> On 12/5/07, Matt Massie <[EMAIL PROTECTED]> wrote:
>
>> outstanding!
>>
>> i'll send all the details to you in a separate email. thanks for stepping
>> up!
>
> I guess we should
Hi guys:
On 12/5/07, Matt Massie <[EMAIL PROTECTED]> wrote:
> outstanding!
>
> i'll send all the details to you in a separate email. thanks for stepping
> up!
I guess we should re-open the 3.0.x branch, backport the fixes from
trunk and release 3.0.6 as a security bugfix release?
Cheers,
Bern
outstanding!
i'll send all the details to you in a separate email. thanks for stepping
up!
-matt
On 12/5/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> Quoting Matt Massie <[EMAIL PROTECTED]>:
>
> > we need to systematically review all our template variable assignments
> to
> > make sure
Quoting Matt Massie <[EMAIL PROTECTED]>:
> we need to systematically review all our template variable assignments to
> make sure they are not vulnerable. is there someone on the team who would
> like to step up to take the lead on this? i'd like to prevent publicly
> explaining the vulnerability
guys-
i was just contacted by CERN about a cross-scripting vulnerability they
found in our web front-end. i've just checked into subversion a quick fix
to one known problem presented to me.
we need to systematically review all our template variable assignments to
make sure they are not vulnerabl
10 matches
Mail list logo
