On 20/12/2017 01:08, Daniel Shahaf wrote: > Stefan wrote on Tue, 19 Dec 2017 23:39 +0100: > [...] >> Since I never calculated the CVSS score for a Subversion vulnerability >> before, > If you're interested, you could go through the more recent advisories > (the security/ directories in the site and in the private repository), > read the patches that fixed them, compute a CVSSv2 or CVSSv3 vector > based on that (only, without reading the in-advisory analysis), and then > compare the one you computed with the one in the advisory. > > This way, when the next vulnerability is reported, you'd be better able > to help compute / review a CVSS vector for it. Good hint. I'll eventually get more familiar with it. For the time being I however will focus on cleaning up the remaining dead links throughout our webpage, put together the hackathon page, and then get on signing/testing the 1.10 RC1 builds as well as releasing new MaxSVN builds (at least that's my current priority list).
Regards, Stefan
