Posted to dev@tomee.apache.org by Robert Panzer <rp...@tomitribe.com> on 2016/04/04 22:57:09 UTC

Document resolved vulnerability CVE-2015-8581

Hi,

the TomEE docs currently document CVE-2016-0779 as resolved in TomEE 1.7.4 and 7.0.0-M3.
This seems to be a duplicate of CVE-2015-8581. 

Therefore this vulnerability should also be documented as resolved.

I opened a ticket and attached a patch that adds a mention of CVE-2015-8581 next to CVE-2016-0779.

Would be nice if somebody could review it.

Cheers
Robert

Re: Document resolved vulnerability CVE-2015-8581

Posted by Jean-Louis Monteiro <jl...@tomitribe.com>.
Yes, both are associated with the same security vulnerability and need to
appear on the website.

--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com

On Mon, Apr 4, 2016 at 11:16 PM, Romain Manni-Bucau <rm...@gmail.com>
wrote:

> Hi
>
> We got the 2016 number, not sure where the 2015 one comes from, but it didn't go
> through the security process - or was it before we tackled it? Did any other PMC see it?
>
> If it didn't go through security@, no reason to mention it.
> On 4 Apr 2016 22:57, "Robert Panzer" <rp...@tomitribe.com> wrote:
>
> > Hi,
> >
> > the TomEE docs currently document CVE-2016-0779 as resolved in TomEE 1.7.4
> > and 7.0.0-M3.
> > This seems to be a duplicate of CVE-2015-8581.
> >
> > Therefore this vulnerability should also be documented as resolved.
> >
> > I opened a ticket and attached a patch that adds a mention of
> > CVE-2015-8581 next to CVE-2016-0779.
> >
> > Would be nice if somebody could review it.
> >
> > Cheers
> > Robert
>

Re: Document resolved vulnerability CVE-2015-8581

Posted by Romain Manni-Bucau <rm...@gmail.com>.
Hi

We got the 2016 number, not sure where the 2015 one comes from, but it didn't go
through the security process - or was it before we tackled it? Did any other PMC see it?

If it didn't go through security@, no reason to mention it.
On 4 Apr 2016 22:57, "Robert Panzer" <rp...@tomitribe.com> wrote:

> Hi,
>
> the TomEE docs currently document CVE-2016-0779 as resolved in TomEE 1.7.4
> and 7.0.0-M3.
> This seems to be a duplicate of CVE-2015-8581.
>
> Therefore this vulnerability should also be documented as resolved.
>
> I opened a ticket and attached a patch that adds a mention of
> CVE-2015-8581 next to CVE-2016-0779.
>
> Would be nice if somebody could review it.
>
> Cheers
> Robert