Document resolved vulnerability CVE-2015-8581


Document resolved vulnerability CVE-2015-8581

Robert Panzer-2
Hi,

the TomEE docs currently document CVE-2016-0779 as resolved in TomEE 1.7.4 and 7.0.0-M3.
This seems to be a duplicate of CVE-2015-8581.

Therefore this vulnerability should also be documented as resolved.

I opened a ticket and attached a patch that adds a mention of CVE-2015-8581 next to CVE-2016-0779.

Would be nice if somebody could review it.

Cheers
Robert

Re: Document resolved vulnerability CVE-2015-8581

Romain Manni-Bucau
Hi

We got the 2016 number, not sure where the 2015 one comes from, but it didn't go through
the security process - or was it before we tackled it? Did any other PMC see it?

If it didn't go through security@, no reason to mention it.
On 4 Apr 2016 22:57, "Robert Panzer" <[hidden email]> wrote:

> Hi,
>
> the TomEE docs currently document CVE-2016-0779 as resolved in TomEE 1.7.4
> and 7.0.0-M3.
> This seems to be a duplicate of CVE-2015-8581.
>
> Therefore this vulnerability should also be documented as resolved.
>
> I opened a ticket and attached a patch that adds a mention of
> CVE-2015-8581 next to CVE-2016-0779.
>
> Would be nice if somebody could review it.
>
> Cheers
> Robert

Re: Document resolved vulnerability CVE-2015-8581

Jean-Louis MONTEIRO
Yes, both are associated with the same security vulnerability and need to
appear on the website.

--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com

On Mon, Apr 4, 2016 at 11:16 PM, Romain Manni-Bucau <[hidden email]>
wrote:

> Hi
>
> We got the 2016 number, not sure where the 2015 one comes from, but it didn't go through
> the security process - or was it before we tackled it? Did any other PMC see it?
>
> If it didn't go through security@, no reason to mention it.
> On 4 Apr 2016 22:57, "Robert Panzer" <[hidden email]> wrote:
>
> > Hi,
> >
> > the TomEE docs currently document CVE-2016-0779 as resolved in TomEE 1.7.4
> > and 7.0.0-M3.
> > This seems to be a duplicate of CVE-2015-8581.
> >
> > Therefore this vulnerability should also be documented as resolved.
> >
> > I opened a ticket and attached a patch that adds a mention of
> > CVE-2015-8581 next to CVE-2016-0779.
> >
> > Would be nice if somebody could review it.
> >
> > Cheers
> > Robert
>