Re: [Fwd: Re: [Fwd: Apache juddi issues]]

[Kurt T Stam <ku...@gmail.com>]

Thanks Glen. And yes these are the fixes for those issues.

Is cc-ing the  security@apache.org list all I have to do? (I just read 
http://www.apache.org/security/committers.html and we don't have a 
specific jUDDI list for security)

thx,

--Kurt

kstam at apache.org




Glen Daniels wrote:
> Hi Kurt!
>
> You're on top of this, yes?
>
> --Glen
>
> -------- Original Message --------
> Subject: Re: [Fwd: Apache juddi issues]
> Date: Thu, 23 Apr 2009 16:08:51 +0100
> From: Mark J Cox <ma...@awe.com>
> Reply-To: private@ws.apache.org
> To: Marc Schoenefeld <ms...@redhat.com>
> CC: security@apache.org <se...@apache.org>, private@ws.apache.org
> References: <49...@redhat.com>
>
> On Wed, Apr 22, 2009 at 2:12 PM, Marc Schoenefeld <ms...@redhat.com> wrote:
>   
>> Hi,
>>
>> an update on the two juddi issues, there have been two commits for this:
>>
>> http://issues.apache.org/jira/browse/JUDDI-221?page=com.atlassian.jira.plugin.ext.subversion%3Asubversion-commits-tabpanel
>> http://issues.apache.org/jira/browse/JUDDI-220?page=com.atlassian.jira.plugin.ext.subversion%3Asubversion-commits-tabpanel
>>
>> Are you aware of upcoming CVEs ?
>>     
>
> Hi Marc; do you mean that those two commits correct the two issues you
> reported?  We'd need the JUDDI folks to respond to us to tell us their
> plans for releasing updates and/or advisories about these issues.  You
> need a name for the cross-site scriptings and another for the log
> injection, right?
>
> Cheers, Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: private-unsubscribe@ws.apache.org
> For additional commands, e-mail: private-help@ws.apache.org
>
>