Thanks Glen. And yes these are the fixes for those issues.
Is cc-ing the [email protected] list all I have to do? (I just read
http://www.apache.org/security/committers.html and we don't have a
specific jUDDI list for security)
thx,
--Kurt
kstam at apache.org
Glen Daniels wrote:
Hi Kurt!
You're on top of this, yes?
--Glen
-------- Original Message --------
Subject: Re: [Fwd: Apache juddi issues]
Date: Thu, 23 Apr 2009 16:08:51 +0100
From: Mark J Cox <[email protected]>
Reply-To: [email protected]
To: Marc Schoenefeld <[email protected]>
CC: [email protected] <[email protected]>, [email protected]
References: <[email protected]>
On Wed, Apr 22, 2009 at 2:12 PM, Marc Schoenefeld <[email protected]> wrote:
Hi,
an update on the two juddi issues, there have been two commits for this:
http://issues.apache.org/jira/browse/JUDDI-221?page=com.atlassian.jira.plugin.ext.subversion%3Asubversion-commits-tabpanel
http://issues.apache.org/jira/browse/JUDDI-220?page=com.atlassian.jira.plugin.ext.subversion%3Asubversion-commits-tabpanel
Are you aware of upcoming CVEs ?
Hi Marc; do you mean that those two commits correct the two issues you
reported? We'd need the JUDDI folks to respond to us to tell us their
plans for releasing updates and/or advisories about these issues. You
need a name for the cross-site scriptings and another for the log
injection, right?
Cheers, Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
