You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by Steve Huston <sh...@riverace.com> on 2012/08/30 14:57:16 UTC
FW: QPID-3849
Justin,
Could this note be added to the 0.18 release notes for the C++ broker?
-----Original Message-----
From: markcox@gmail.com [mailto:markcox@gmail.com] On Behalf Of Mark J Cox
Sent: Thursday, August 30, 2012 5:28 AM
To: Steve Huston
Cc: private@qpid.apache.org; security@apache.org
Subject: Re: QPID-3849
If you are in agreement it's a security vulnerability It would definitely be worth stating that you fixed this in the 0.18 release.
Usually when you announce 0.18 you'd mention the CVE at that time.
Use CVE-2012-3550
Thanks, Mark
On Fri, Jul 27, 2012 at 2:21 PM, Steve Huston <sh...@riverace.com> wrote:
> Hi Mark,
>
> Thank you for contacting us. The bug was resolved and will be included
> in the 0.18 release which is in progress now.
>
> Should we issue a CVE for prior versions? What's the process for that?
>
> -Steve Huston
>
> On 7/27/12 5:07 AM, "Mark J Cox" <mj...@apache.org> wrote:
>
>>Hi QPID folks; one of my team pointed me to
>>https://issues.apache.org/jira/browse/QPID-3849 which appears to be a
>>security issue. Are you dealing with it as a security issue and going
>>to provide a security update/advisory? I can give you a CVE name for
>>this issue if so, just let me know.
>>
>>Cheers, Mark
>>ASF Security Team
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: security-unsubscribe@apache.org For additional
> commands, e-mail: security-help@apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org
Re: FW: QPID-3849
Posted by Justin Ross <jr...@redhat.com>.
Yep, no problem.
On Thu, 30 Aug 2012, Steve Huston wrote:
> Justin,
> Could this note be added to the 0.18 release notes for the C++ broker?
>
> -----Original Message-----
> From: markcox@gmail.com [mailto:markcox@gmail.com] On Behalf Of Mark J Cox
> Sent: Thursday, August 30, 2012 5:28 AM
> To: Steve Huston
> Cc: private@qpid.apache.org; security@apache.org
> Subject: Re: QPID-3849
>
> If you are in agreement it's a security vulnerability It would definitely be worth stating that you fixed this in the 0.18 release.
> Usually when you announce 0.18 you'd mention the CVE at that time.
>
> Use CVE-2012-3550
>
> Thanks, Mark
>
> On Fri, Jul 27, 2012 at 2:21 PM, Steve Huston <sh...@riverace.com> wrote:
>> Hi Mark,
>>
>> Thank you for contacting us. The bug was resolved and will be included
>> in the 0.18 release which is in progress now.
>>
>> Should we issue a CVE for prior versions? What's the process for that?
>>
>> -Steve Huston
>>
>> On 7/27/12 5:07 AM, "Mark J Cox" <mj...@apache.org> wrote:
>>
>>> Hi QPID folks; one of my team pointed me to
>>> https://issues.apache.org/jira/browse/QPID-3849 which appears to be a
>>> security issue. Are you dealing with it as a security issue and going
>>> to provide a security update/advisory? I can give you a CVE name for
>>> this issue if so, just let me know.
>>>
>>> Cheers, Mark
>>> ASF Security Team
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: security-unsubscribe@apache.org For additional
>> commands, e-mail: security-help@apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
> For additional commands, e-mail: dev-help@qpid.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org