You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@juddi.apache.org by Kurt T Stam <ku...@gmail.com> on 2009/04/27 19:22:29 UTC
Re: [Fwd: Re: [Fwd: Apache juddi issues]]
Thanks Glen. And yes these are the fixes for those issues.
Is cc-ing the security@apache.org list all I have to do? (I just read
http://www.apache.org/security/committers.html and we don't have a
specific jUDDI list for security)
thx,
--Kurt
kstam at apache.org
Glen Daniels wrote:
> Hi Kurt!
>
> You're on top of this, yes?
>
> --Glen
>
> -------- Original Message --------
> Subject: Re: [Fwd: Apache juddi issues]
> Date: Thu, 23 Apr 2009 16:08:51 +0100
> From: Mark J Cox <ma...@awe.com>
> Reply-To: private@ws.apache.org
> To: Marc Schoenefeld <ms...@redhat.com>
> CC: security@apache.org <se...@apache.org>, private@ws.apache.org
> References: <49...@redhat.com>
>
> On Wed, Apr 22, 2009 at 2:12 PM, Marc Schoenefeld <ms...@redhat.com> wrote:
>
>> Hi,
>>
>> an update on the two juddi issues, there have been two commits for this:
>>
>> http://issues.apache.org/jira/browse/JUDDI-221?page=com.atlassian.jira.plugin.ext.subversion%3Asubversion-commits-tabpanel
>> http://issues.apache.org/jira/browse/JUDDI-220?page=com.atlassian.jira.plugin.ext.subversion%3Asubversion-commits-tabpanel
>>
>> Are you aware of upcoming CVEs ?
>>
>
> Hi Marc; do you mean that those two commits correct the two issues you
> reported? We'd need the JUDDI folks to respond to us to tell us their
> plans for releasing updates and/or advisories about these issues. You
> need a name for the cross-site scriptings and another for the log
> injection, right?
>
> Cheers, Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: private-unsubscribe@ws.apache.org
> For additional commands, e-mail: private-help@ws.apache.org
>
>