Posted to dev@couchdb.apache.org by Noah Slater <ns...@apache.org> on 2013/02/25 21:19:56 UTC
Fix for CVE-2010-3854
Hey,
When did the fix for CVE-2010-3854 land? From the disclosure, it looks like
1.0.2. It is not mentioned in any NEWS or CHANGES.
Please confirm 1.0.2. is correct.
Thanks,
--
NS
Re: Fix for CVE-2010-3854
Posted by Noah Slater <ns...@apache.org>.
Thanks Jan. We'll update procedure accordingly.
On 27 February 2013 12:06, Jan Lehnardt <ja...@apache.org> wrote:
> Note: we didn’t have these as our procedure for handling these
> didn’t include an item "update NEWS & CHANGES". I believe that we
> should have done this *and* kept a record which commit(s) reflect
> which CVEs for later reference.
>
> On Feb 27, 2013, at 13:04 , Jan Lehnardt <ja...@apache.org> wrote:
>
> > Confirmed.
> >
> > On Feb 25, 2013, at 21:19 , Noah Slater <ns...@apache.org> wrote:
> >
> >> Hey,
> >>
> >> When did the fix for CVE-2010-3854 land? From the disclosure, it looks like
> >> 1.0.2. It is not mentioned in any NEWS or CHANGES.
> >>
> >> Please confirm 1.0.2. is correct.
> >>
> >> Thanks,
> >>
> >> --
> >> NS
> >
>
>
--
NS
Re: Fix for CVE-2010-3854
Posted by Jan Lehnardt <ja...@apache.org>.
Note: we didn’t have these as our procedure for handling these
didn’t include an item "update NEWS & CHANGES". I believe that we
should have done this *and* kept a record which commit(s) reflect
which CVEs for later reference.
On Feb 27, 2013, at 13:04 , Jan Lehnardt <ja...@apache.org> wrote:
> Confirmed.
>
> On Feb 25, 2013, at 21:19 , Noah Slater <ns...@apache.org> wrote:
>
>> Hey,
>>
>> When did the fix for CVE-2010-3854 land? From the disclosure, it looks like
>> 1.0.2. It is not mentioned in any NEWS or CHANGES.
>>
>> Please confirm 1.0.2. is correct.
>>
>> Thanks,
>>
>> --
>> NS
>
Re: Fix for CVE-2010-3854
Posted by Jan Lehnardt <ja...@apache.org>.
Confirmed.
On Feb 25, 2013, at 21:19 , Noah Slater <ns...@apache.org> wrote:
> Hey,
>
> When did the fix for CVE-2010-3854 land? From the disclosure, it looks like
> 1.0.2. It is not mentioned in any NEWS or CHANGES.
>
> Please confirm 1.0.2. is correct.
>
> Thanks,
>
> --
> NS
Re: Fix for CVE-2010-3854
Posted by Noah Slater <ns...@apache.org>.
Bump.
On 25 February 2013 20:19, Noah Slater <ns...@apache.org> wrote:
> Hey,
>
> When did the fix for CVE-2010-3854 land? From the disclosure, it looks
> like 1.0.2. It is not mentioned in any NEWS or CHANGES.
>
> Please confirm 1.0.2. is correct.
>
> Thanks,
>
> --
> NS
>
--
NS