When will the CVE entry be updated? http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0253

On Feb 23, 2013, at 9:59 AM, Olivier Lamy <[email protected]> wrote:

> CVE-2013-0253 Apache Maven
>
> Severity: Medium
>
> Vendor: The Apache Software Foundation
>
> Versions Affected:
> - Apache Maven 3.0.4
> - Apache Maven Wagon 2.1, 2.2, 2.3
>
> Description:
> Apache Maven 3.0.4 (with Apache Maven Wagon 2.1) has introduced a non-secure
> SSL mode by default. This mode disables all SSL certificate checking,
> including: host name verification, date validity, and certificate
> chain. Not validating the certificate introduces the possibility of a
> man-in-the-middle attack.
>
> All users are recommended to upgrade to Apache Maven 3.0.5 and Apache
> Maven Wagon 2.4.
>
> Credit
> This issue was identified by Graham Leggett
>
> --
> The Apache Maven Team

Thanks,

Jason

----------------------------------------------------------
Jason van Zyl
Founder & CTO, Sonatype
Founder, Apache Maven
http://twitter.com/jvanzyl
---------------------------------------------------------

First, the taking in of scattered particulars under one Idea,
so that everyone understands what is being talked about ... Second,
the separation of the Idea into parts, by dividing it at the joints,
as nature directs, not breaking any limb in half as a bad carver might.

  -- Plato, Phaedrus (Notes on the Synthesis of Form by C. Alexander)
