roller-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave <snoopd...@gmail.com>
Subject Re: CVE Request 642986 for Publication Request
Date Sun, 17 Feb 2019 21:35:35 GMT
We announced a CVE and a fix for it about a month ago, but I did not notify
all of the places until yesterday.

CVE announcement
https://lists.apache.org/thread.html/94a36ed9c6241558b1c6181d8dd4ff263be7903abd1d20067d4330d5@%3Cdev.roller.apache.org%3E

Fix: upgrade to Roller 5.2.2 or disable the XMLRPC servlet
https://lists.apache.org/thread.html/86655a8a1df1a2e184ba7a973fbb2f6ac873775e411daf2d74eb6bb2@%3Cdev.roller.apache.org%3E

Dave


On Sun, Feb 17, 2019 at 4:01 PM Jason Pyeron <jpyeron@pdinc.us> wrote:

> Context? Is the patch completed? Is there a fix planned?
>
> v/r,
>
> Jason Pyeron
>
> > -----Original Message-----
> > From: CVE Request <CVE-Request@mitre.org>
> > Sent: Saturday, February 16, 2019 9:27 AM
> > To: user@roller.apache.org
> > Subject: CVE Request 642986 for Publication Request
> >
> > Thank you for your submission. It will be reviewed by a CVE Assignment
> Team member.
> >
> >
> > Changes, additions, or updates to your request can be sent to the CVE
> Team by replying directly to
> > this email.
> >
> > Please do not change the subject line, which allows us to effectively
> track your request.
> >
> > CVE Assignment Team
> > M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
> > [A PGP key is available for encrypted communications at
> > http://cve.mitre.org/cve/request_id.html]
> >
> > {CMI: MCID2788259}
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message