You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@roller.apache.org by CVE Request <CV...@mitre.org> on 2019/02/16 14:26:30 UTC

CVE Request 642986 for Publication Request

Thank you for your submission. It will be reviewed by a CVE Assignment Team member.


Changes, additions, or updates to your request can be sent to the CVE Team by replying directly to this email.

Please do not change the subject line, which allows us to effectively track your request.

CVE Assignment Team 
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA 
[A PGP key is available for encrypted communications at 
http://cve.mitre.org/cve/request_id.html]

{CMI: MCID2788259}

Re: CVE Request 642986 for Publication Request

Posted by Dave <sn...@gmail.com>.

We announced a CVE and a fix for it about a month ago, but I did not notify
all of the places until yesterday.

CVE announcement
https://lists.apache.org/thread.html/94a36ed9c6241558b1c6181d8dd4ff263be7903abd1d20067d4330d5@%3Cdev.roller.apache.org%3E

Fix: upgrade to Roller 5.2.2 or disable the XMLRPC servlet
https://lists.apache.org/thread.html/86655a8a1df1a2e184ba7a973fbb2f6ac873775e411daf2d74eb6bb2@%3Cdev.roller.apache.org%3E

Dave


On Sun, Feb 17, 2019 at 4:01 PM Jason Pyeron <jp...@pdinc.us> wrote:

> Context? Is the patch completed? Is there a fix planned?
>
> v/r,
>
> Jason Pyeron
>
> > -----Original Message-----
> > From: CVE Request <CV...@mitre.org>
> > Sent: Saturday, February 16, 2019 9:27 AM
> > To: user@roller.apache.org
> > Subject: CVE Request 642986 for Publication Request
> >
> > Thank you for your submission. It will be reviewed by a CVE Assignment
> Team member.
> >
> >
> > Changes, additions, or updates to your request can be sent to the CVE
> Team by replying directly to
> > this email.
> >
> > Please do not change the subject line, which allows us to effectively
> track your request.
> >
> > CVE Assignment Team
> > M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
> > [A PGP key is available for encrypted communications at
> > http://cve.mitre.org/cve/request_id.html]
> >
> > {CMI: MCID2788259}
>
>

Re: CVE Request 642986 for Publication Request

Posted by Dave <sn...@gmail.com>.

We announced a CVE and a fix for it about a month ago, but I did not notify
all of the places until yesterday.

CVE announcement
https://lists.apache.org/thread.html/94a36ed9c6241558b1c6181d8dd4ff263be7903abd1d20067d4330d5@%3Cdev.roller.apache.org%3E

Fix: upgrade to Roller 5.2.2 or disable the XMLRPC servlet
https://lists.apache.org/thread.html/86655a8a1df1a2e184ba7a973fbb2f6ac873775e411daf2d74eb6bb2@%3Cdev.roller.apache.org%3E

Dave


On Sun, Feb 17, 2019 at 4:01 PM Jason Pyeron <jp...@pdinc.us> wrote:

> Context? Is the patch completed? Is there a fix planned?
>
> v/r,
>
> Jason Pyeron
>
> > -----Original Message-----
> > From: CVE Request <CV...@mitre.org>
> > Sent: Saturday, February 16, 2019 9:27 AM
> > To: user@roller.apache.org
> > Subject: CVE Request 642986 for Publication Request
> >
> > Thank you for your submission. It will be reviewed by a CVE Assignment
> Team member.
> >
> >
> > Changes, additions, or updates to your request can be sent to the CVE
> Team by replying directly to
> > this email.
> >
> > Please do not change the subject line, which allows us to effectively
> track your request.
> >
> > CVE Assignment Team
> > M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
> > [A PGP key is available for encrypted communications at
> > http://cve.mitre.org/cve/request_id.html]
> >
> > {CMI: MCID2788259}
>
>

RE: CVE Request 642986 for Publication Request

Posted by Jason Pyeron <jp...@pdinc.us>.

Context? Is the patch completed? Is there a fix planned?

v/r,

Jason Pyeron

> -----Original Message-----
> From: CVE Request <CV...@mitre.org>
> Sent: Saturday, February 16, 2019 9:27 AM
> To: user@roller.apache.org
> Subject: CVE Request 642986 for Publication Request
> 
> Thank you for your submission. It will be reviewed by a CVE Assignment Team member.
> 
> 
> Changes, additions, or updates to your request can be sent to the CVE Team by replying directly to
> this email.
> 
> Please do not change the subject line, which allows us to effectively track your request.
> 
> CVE Assignment Team
> M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
> [A PGP key is available for encrypted communications at
> http://cve.mitre.org/cve/request_id.html]
> 
> {CMI: MCID2788259}

RE: CVE Request 642986 for Publication Request

Posted by Jason Pyeron <jp...@pdinc.us>.

Context? Is the patch completed? Is there a fix planned?

v/r,

Jason Pyeron

> -----Original Message-----
> From: CVE Request <CV...@mitre.org>
> Sent: Saturday, February 16, 2019 9:27 AM
> To: user@roller.apache.org
> Subject: CVE Request 642986 for Publication Request
> 
> Thank you for your submission. It will be reviewed by a CVE Assignment Team member.
> 
> 
> Changes, additions, or updates to your request can be sent to the CVE Team by replying directly to
> this email.
> 
> Please do not change the subject line, which allows us to effectively track your request.
> 
> CVE Assignment Team
> M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
> [A PGP key is available for encrypted communications at
> http://cve.mitre.org/cve/request_id.html]
> 
> {CMI: MCID2788259}